CVE-2022-44900: n/a in n/a

Severity: Critical
Tags: vulnerability, cve-2022-44900, n-a, cwe-22
Published: Tue Dec 06 2022 (12/06/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

AI-Powered Analysis

AI analysis last updated: 06/21/2025, 19:06:20 UTC

Technical Analysis

CVE-2022-44900 is a critical directory traversal vulnerability found in the Python library py7zr, specifically affecting the SevenZipFile.extractall() function in version 0.20.0 and earlier. This vulnerability allows an attacker to craft a malicious 7z archive file that, when extracted using the vulnerable function, can write arbitrary files to arbitrary locations on the victim's filesystem. The root cause is improper sanitization of file paths during extraction, enabling directory traversal (CWE-22). An attacker can exploit this by delivering a specially crafted 7z archive to a system that uses py7zr for decompression, potentially overwriting critical files or planting malicious payloads without requiring any authentication or user interaction. The CVSS v3.1 base score is 9.1 (critical), reflecting the vulnerability's ease of exploitation (network vector, no privileges required, no user interaction) and its high impact on confidentiality and integrity, although availability impact is not significant. No known exploits have been reported in the wild as of the published date, but the vulnerability poses a significant risk due to the widespread use of py7zr in Python applications for handling 7z archives.

Potential Impact

For European organizations, the impact of CVE-2022-44900 can be substantial, especially for those relying on Python-based applications that utilize py7zr for archive extraction. Successful exploitation can lead to unauthorized file writes, enabling attackers to overwrite configuration files, implant backdoors, or escalate privileges by modifying system or application files. This compromises confidentiality and integrity, potentially leading to data breaches, unauthorized access, or persistent footholds within networks. Industries with high reliance on automated data processing, software development, or document management systems that decompress 7z files are particularly at risk. Given the vulnerability requires no authentication or user interaction, it can be exploited remotely if the vulnerable extraction function processes untrusted archives, increasing the attack surface. The absence of known exploits in the wild currently limits immediate impact, but the critical severity and ease of exploitation warrant urgent attention to prevent future attacks.

Mitigation Recommendations

To mitigate CVE-2022-44900, European organizations should:
1) Immediately update py7zr to a patched version beyond 0.20.0 once available, or apply vendor-supplied patches if provided.
2) Implement strict input validation and sanitization on all 7z archives before extraction, including rejecting archives containing suspicious or absolute file paths, or paths with directory traversal sequences (e.g., '../').
3) Employ sandboxing or extraction within isolated environments with limited permissions to contain potential damage from malicious archives.
4) Monitor and restrict the sources of 7z files processed by applications using py7zr, ensuring only trusted inputs are handled.
5) Audit existing systems for usage of py7zr and identify any automated workflows that decompress 7z files, applying compensating controls such as manual review or alternative extraction tools until patched.
6) Enhance logging and alerting on file system changes in directories where extraction occurs to detect anomalous activity promptly.
7) Educate developers and system administrators about the risks of directory traversal vulnerabilities and secure coding practices related to archive extraction.
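The pre-extraction validation described in recommendation 2 can be implemented as a member-name check that runs before extractall() is ever called. The following is an added example written for this page; it is not code from py7zr or from the advisory source. It vets each archive member name both lexically (absolute paths, Windows drive paths, any '..' component after normalisation) and by resolving the final path with realpath() against the destination directory, so that a name which escapes only after normalisation or through a symlinked directory is still caught. The sample member list is constructed for illustration; the safe_extract() wrapper assumes the real py7zr API (SevenZipFile, getnames(), extractall(path=...)) and imports it lazily so the check itself runs without the library installed.

```python
import os
import posixpath
from typing import Iterable, List


def member_is_unsafe(name: str, dest: str) -> bool:
    """True if an archive member name would land outside dest when extracted.

    Two independent checks are applied, since either alone can be bypassed:
    1. Lexical: reject absolute paths (POSIX or Windows drive forms) and
       any '..' path component that survives normalisation, after mapping
       backslashes to '/' so Windows-style names are handled the same way.
    2. Filesystem: resolve dest/name with realpath() and confirm the result
       still lies under the resolved destination directory.
    """
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):
        return True  # absolute POSIX path (also covers '//server/share')
    if len(normalized) >= 2 and normalized[1] == ":":
        return True  # Windows drive letter form such as 'C:/...' or 'C:..'
    if ".." in posixpath.normpath(normalized).split("/"):
        return True  # escapes the destination after normalisation
    base = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(base, *normalized.split("/")))
    return not (target == base or target.startswith(base + os.sep))


def unsafe_members(names: Iterable[str], dest: str) -> List[str]:
    """Return every member name that must not be extracted into dest."""
    return [n for n in names if member_is_unsafe(n, dest)]


def safe_extract(archive_path: str, dest: str) -> List[str]:
    """Extract a 7z archive only after vetting every member name.

    Assumes the py7zr API: SevenZipFile(path, mode='r'), getnames() and
    extractall(path=...). py7zr is imported here rather than at module
    level so the validation functions above run without it installed.
    """
    import py7zr  # assumption: py7zr is installed where this runs

    with py7zr.SevenZipFile(archive_path, mode="r") as archive:
        names = archive.getnames()
        rejected = unsafe_members(names, dest)
        if rejected:
            # Refuse the whole archive: one bad entry is enough to
            # treat the file as hostile rather than skip individual members.
            raise ValueError(f"refusing to extract; unsafe member paths: {rejected}")
        archive.extractall(path=dest)
    return names


# Constructed sample of member names, as a hostile archive listing might look.
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    "src/a/../b.py",          # harmless once normalised (stays under src/)
    "../../etc/cron.d/job",   # traversal out of dest
    "/etc/passwd",            # absolute POSIX path
    "C:\\Windows\\win.ini",   # Windows drive path
    "x/../../y",              # escapes dest only after normalisation
]

if __name__ == "__main__":
    for n in SAMPLE_MEMBERS:
        verdict = "REJECT" if member_is_unsafe(n, "/tmp/py7zr_out") else "ok"
        print(f"{verdict:6} {n!r}")
```

The wrapper rejects the entire archive when any member fails the check, which is the safer policy for automated pipelines: a partially extracted archive from an untrusted source is rarely useful, and a single traversal entry is a strong signal that the whole file is hostile and worth logging and quarantining (recommendation 6).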

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-07T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9847c4522896dcbf598d

Added to database: 5/21/2025, 9:09:27 AM

Last enriched: 6/21/2025, 7:06:20 PM

Last updated: 7/30/2025, 11:31:12 PM