9.8

CVE-2025-0364

Exploit

EPSS 1.78%
Veröffentlicht 04.02.2025 18:15:35
Zuletzt bearbeitet 29.09.2025 18:11:15
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

BigAntSoft BigAnt Server Account Registration Bypass to File Upload RCE

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bigantsoft ≫ Bigant Server Version <= 5.6.06

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.78%	0.754

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://vulncheck.com/advisories/big-ant-upload-rce

Third Party Advisory

https://github.com/vulncheck-oss/cve-2025-0364

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-0364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0364

EUVD