CVE-2022-32175 is a Cross-Site Request Forgery (CSRF) vulnerability identified in AdGuardHome, an open-source network-wide ad and tracker blocking DNS server. This vulnerability affects versions from v0.95 through v0.108.0-b.13, including v0.99.0 and potentially other unspecified versions within this range. The flaw resides in the custom filtering rules functionality, where an attacker can trick an authenticated user into visiting a maliciously crafted link. Because the user is already authorized, the malicious request is executed with their privileges, allowing the attacker to delete or modify custom filtering rules without the user's consent. This can disrupt the intended filtering policies, potentially allowing unwanted ads, trackers, or malicious content to bypass the DNS filtering or cause denial of service by removing critical rules. The vulnerability has a CVSS 3.1 base score of 5.4, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) shows that the attack can be performed remotely over the network without privileges but requires user interaction (clicking a link). The impact affects integrity and availability of the filtering rules but does not compromise confidentiality. No known exploits in the wild have been reported, and no official patches or mitigations are linked in the provided data. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. Given the nature of AdGuardHome as a DNS filtering tool, exploitation could undermine network security policies and user privacy protections.

For European organizations, the impact of this vulnerability can be significant depending on their reliance on AdGuardHome for network-wide ad and tracker blocking. By exploiting this CSRF flaw, attackers can alter or delete filtering rules, potentially allowing malicious domains, ads, or trackers to bypass DNS filtering. This undermines privacy controls and may expose users to phishing, malware, or data leakage through trackers. Additionally, the removal of filtering rules could degrade network performance or user experience by allowing unwanted content. Organizations in sectors with strict privacy regulations such as GDPR may face compliance risks if user data is exposed due to weakened filtering. The attack requires user interaction but no elevated privileges, making it feasible in environments where users access web interfaces of AdGuardHome. Since AdGuardHome is often deployed in home networks, small businesses, and some enterprise environments, the impact varies but can be critical for privacy-focused organizations or those using it as a primary DNS filtering solution.

To mitigate this vulnerability, organizations should: 1) Upgrade AdGuardHome to a version where this CSRF vulnerability is patched once available. Monitor official AdGuardHome releases and security advisories for updates. 2) Implement web application security best practices such as enforcing anti-CSRF tokens on all state-changing requests in the web interface, if customization is possible. 3) Restrict access to the AdGuardHome web interface to trusted networks or VPNs to reduce exposure to malicious links from external sources. 4) Educate users about the risks of clicking unsolicited or suspicious links, especially when authenticated to network management interfaces. 5) Employ network-level protections such as web filtering or intrusion prevention systems to detect and block malicious URLs that could trigger CSRF attacks. 6) Regularly backup custom filtering rules to enable quick restoration if unauthorized changes occur. 7) Consider isolating the AdGuardHome management interface from general user access to minimize attack surface. These measures go beyond generic advice by focusing on access control, user awareness, and proactive monitoring tailored to the nature of this CSRF vulnerability.