9.8

CVE-2025-0364

Exploit

EPSS 25.63%
Veröffentlicht 04.02.2025 18:15:35
Zuletzt bearbeitet 29.09.2025 18:11:15
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bigantsoft ≫ Bigant Server Version <= 5.6.06

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.63%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://vulncheck.com/advisories/big-ant-upload-rce

Third Party Advisory

https://github.com/vulncheck-oss/cve-2025-0364

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-0364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0364

EUVD