
CVE-2022-44542: n/a in n/a

Severity: Critical
Type: Vulnerability
Published: Tue Nov 01 2022 (11/01/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.

AI-Powered Analysis

Last updated: 07/03/2025, 13:44:08 UTC

Technical Analysis

CVE-2022-44542 is a critical remote code execution vulnerability found in lesspipe versions prior to 2.06. lesspipe is a shell script used to preprocess files for viewing in pagers like less. The vulnerability arises due to unsafe deserialization of Perl Storable (pst) files. Specifically, lesspipe processes these pst files by deserializing objects without proper validation, which allows an attacker to craft malicious serialized data containing a key/value pair in a hash that triggers execution of a destructor method during deserialization. This leads to arbitrary code execution in the context of the user running lesspipe, without requiring any authentication or user interaction. The CVSS 3.1 base score is 9.8 (critical), reflecting the high impact on confidentiality, integrity, and availability, combined with ease of exploitation over the network without privileges. The underlying weakness is CWE-502: Deserialization of Untrusted Data. Although no known exploits in the wild have been reported, the vulnerability is severe due to the nature of deserialization flaws and the potential for remote exploitation. lesspipe is commonly used in Unix-like environments, often integrated into shell environments for enhanced file viewing capabilities. The lack of a vendor or product name in the record suggests this is a community or open-source tool rather than a commercial product. No official patches or fixes are linked yet, so users must be cautious and monitor for updates.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Linux or Unix-based systems where lesspipe is deployed as part of the command-line toolchain. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to full system compromise, data theft, or disruption of services. This is particularly concerning for critical infrastructure, government agencies, and enterprises with sensitive data or operational technology environments. Since lesspipe is often used by system administrators and developers, exploitation could lead to privilege escalation or lateral movement within networks. The vulnerability's impact on confidentiality, integrity, and availability is high, potentially enabling attackers to implant persistent backdoors or disrupt business operations. The lack of authentication and user interaction requirements increases the attack surface, making automated exploitation feasible. European organizations with open-source software dependencies or those that integrate lesspipe into their workflows must prioritize mitigation to avoid exposure.

Mitigation Recommendations

Immediate mitigation steps include auditing systems to identify installations of lesspipe and verifying their versions. Until an official patch is released, organizations should consider disabling lesspipe or restricting its usage to trusted users and environments. Employing application whitelisting and restricting execution privileges can limit the impact of exploitation. Monitoring logs for unusual deserialization activity or unexpected execution patterns may help detect attempted exploitation. Network segmentation and limiting exposure of systems running lesspipe to untrusted networks will reduce risk. Organizations should subscribe to relevant security advisories and update lesspipe to version 2.06 or later once available. Additionally, applying general best practices for handling serialized data—such as avoiding deserialization of untrusted input—should be enforced in custom scripts or tools. Security teams should conduct penetration testing and vulnerability scans focusing on deserialization flaws to identify other potential weaknesses.
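One way to run the audit step above on a single host, as an added example that is not part of the original record or of the lesspipe project. It assumes that Storable files written by `store()`/`nstore()` begin with the ASCII magic `pst0`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2022-44542 (not lesspipe project code).
# Assumption: Storable files on disk start with the four ASCII bytes "pst0".

# Succeeds when a LESSOPEN value (default: the current environment's) names a
# lesspipe script. This is a name match only: confirm which implementation and
# version is installed (fixed in 2.06 per the description) via the package manager.
lessopen_uses_lesspipe() {
    case "${1-${LESSOPEN-}}" in
        *lesspipe*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every regular file under $1 (a file or a directory) whose first four
# bytes are "pst0". Only the header is read; nothing is deserialized.
find_storable_files() {
    find "$1" -type f -exec sh -c '
        for f in "$@"; do
            magic=$(dd if="$f" bs=4 count=1 2>/dev/null | LC_ALL=C tr -d "\000")
            if [ "$magic" = "pst0" ]; then printf "%s\n" "$f"; fi
        done
    ' sh {} +
}

# Returns 0 (needs attention) only when Storable files exist under $1 AND the
# LESSOPEN value ($2, default: environment) routes less through lesspipe.
triage() {
    hits=$(find_storable_files "$1")
    if [ -n "$hits" ] && lessopen_uses_lesspipe "${2-${LESSOPEN-}}"; then
        printf 'Storable files present and LESSOPEN uses lesspipe:\n%s\n' "$hits"
        return 0
    fi
    return 1
}

# Stand-alone use: sh triage.sh /path/to/check
if [ "$#" -gt 0 ]; then
    triage "$1" || echo "no Storable files behind a lesspipe preprocessor found"
fi
```

Files the script lists can still be read with `less -L`, which makes less ignore LESSOPEN so no preprocessor runs.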


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-01T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981fc4522896dcbdca6d

Added to database: 5/21/2025, 9:08:47 AM

Last enriched: 7/3/2025, 1:44:08 PM

Last updated: 2/7/2026, 10:23:41 AM
