NextGuard
UNKNOWNCVE-2025-32957

baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

Platform

php

Component

basercms

Fixed in

5.2.3

View on NVD

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.

How to fix

Actualice baserCMS a la versión 5.2.3 o superior. Esta versión corrige la vulnerabilidad de carga de archivos insegura que permite la ejecución remota de código. La actualización se puede realizar a través del panel de administración de baserCMS o descargando la última versión desde el sitio web oficial.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2025-32957 — Vulnerability Details | NextGuard | NextGuard