Platform: php
Component: baserproject/basercms
Fixed in: 5.2.4, 5.2.3
CVE-2025-32957 is a Remote Code Execution (RCE) vulnerability affecting baserproject/basercms versions up to 5.2.2. This vulnerability allows attackers to upload a specially crafted ZIP archive, which, when restored, executes malicious PHP code. Successful exploitation can lead to complete system compromise. The vulnerability is fixed in version 5.2.3, and users are strongly advised to upgrade immediately.
An attacker can exploit CVE-2025-32957 by crafting a malicious ZIP archive containing a PHP file. When a user with appropriate permissions restores this archive, the PHP file will be included using require_once, allowing the attacker to execute arbitrary code on the server. This could lead to complete system compromise, data theft, or denial of service. The vulnerability's high CVSS score reflects the ease of exploitation and the potential for severe impact. This vulnerability shares similarities with other insecure file inclusion vulnerabilities, such as those seen in legacy PHP applications.
CVE-2025-32957 was published on 2026-03-31. The vulnerability has a CVSS score of 8.7 (HIGH), indicating a significant risk. A proof-of-concept (POC) exploit is publicly available on GitHub. It is not currently listed on KEV or EPSS, but the availability of a POC suggests a potential for active exploitation.
Organizations using basercms versions 5.2.2 and earlier, particularly those with publicly accessible restore functionality, are at significant risk. Shared hosting environments where multiple users can upload files are especially vulnerable, as a compromised user account could be used to exploit this vulnerability and impact other users on the same server.
• php: Examine web server access logs for suspicious ZIP file uploads, particularly those containing PHP files. Use grep to search for patterns indicative of malicious code within the uploaded ZIP archives.
grep -r '<?php' /var/www/basercms/uploads/*
• generic web: Monitor response headers for unexpected content or errors after ZIP file uploads. Use curl to test the restore functionality with a benign ZIP file and observe the server's behavior.
curl -I http://your-basercms-site.com/restore.php?file=test.zip
disclosure
poc
Exploit status
EPSS: 0.07% (20th percentile)
The primary mitigation for CVE-2025-32957 is to upgrade to version 5.2.3 of baserproject/basercms. This version includes a fix that validates filenames before including them. As a temporary workaround, restrict file upload permissions and implement strict input validation on the restore function. Consider implementing a web application firewall (WAF) rule to block ZIP uploads containing PHP files. After upgrade, confirm by attempting to restore a test ZIP archive containing a simple PHP file and verifying that the file is not executed.
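Added example, not baserCMS project code: a pre-restore guard in the spirit of the fix described above (validate what the archive contains before anything is included) that also covers the detection guidance further up (the grep for '<?php' in uploads). It rejects a backup ZIP carrying PHP source or entries that would escape the restore directory; the extension list, the open-tag sniff, the scan limit and the sample archives are this example's own assumptions.

```python
import io
import zipfile
from posixpath import normpath

# Hypothetical pre-restore guard for a baserCMS-style backup ZIP (added example, not
# project code). Extension list, "<?php" sniff and scan limit are assumptions.
PHP_EXTENSIONS = (".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phps", ".phar")
PHP_OPEN_TAG = b"<?php"
MAX_SCAN_BYTES = 1 << 20  # sniff at most the first 1 MiB of each entry


def entry_problems(name: str, data: bytes) -> list[str]:
    """Return the reasons one archive entry must not be restored (empty = fine)."""
    problems = []
    # Entries that would land outside the restore directory (zip slip).
    if name.startswith(("/", "\\")) or "\\" in name or normpath(name).startswith(".."):
        problems.append(f"{name}: path escapes the restore directory")
    # The CVE-2025-32957 vector: PHP source that the restore step would include.
    if name.lower().endswith(PHP_EXTENSIONS):
        problems.append(f"{name}: PHP file extension")
    elif PHP_OPEN_TAG in data[:MAX_SCAN_BYTES]:
        problems.append(f"{name}: PHP open tag inside a non-PHP entry")
    return problems


def check_backup_zip(archive: bytes) -> list[str]:
    """Scan every file entry of a ZIP backup; an empty list means safe to restore."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                findings.extend(entry_problems(info.filename, fh.read(MAX_SCAN_BYTES)))
    return findings


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from constructed sample entries (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean backup and one smuggling PHP plus a traversal entry.
    clean = build_zip({"db/pages.sql": b"INSERT INTO pages VALUES (1);", "files/logo.png": b"\x89PNG"})
    bad = build_zip({"files/test.php": b"<?php echo 'test';", "../config/app.php": b"<?php return [];",
                     "img/x.jpg": b"GIF89a<?php echo 1;", "readme.txt": b"hello"})
    print("clean:", check_backup_zip(clean) or "ok")
    print("bad:", check_backup_zip(bad))
```

Unlike a grep over the uploads directory, this inspects the entries inside the compressed archive before anything is extracted, so a PHP payload hidden under an image extension is caught as well.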
Update baserCMS to version 5.2.3 or later. This version fixes the insecure file upload vulnerability that allows remote code execution. The update can be performed through the baserCMS administration panel or by downloading the latest version from the official website.
CVE-2025-32957 is a Remote Code Execution vulnerability in baserproject/basercms versions up to 5.2.2, allowing attackers to execute arbitrary code through a malicious ZIP file upload.
You are affected if you are using baserproject/basercms version 5.2.2 or earlier. Upgrade to 5.2.3 to mitigate the risk.
Upgrade baserproject/basercms to version 5.2.3 or later. As a temporary workaround, restrict file uploads or disable the restore functionality.
While no active campaigns have been confirmed, a public proof-of-concept exists, increasing the risk of exploitation.
Refer to the baserproject/basercms official security advisories on their website or GitHub repository for detailed information and updates.