Platform
php
Component
baserproject/basercms
Fixed in
5.2.4
5.2.3
CVE-2025-32957 is a Remote Code Execution (RCE) vulnerability affecting baserproject/basercms versions up to 5.2.2. This vulnerability allows attackers to upload a specially crafted ZIP archive, which, when restored, executes malicious PHP code. Successful exploitation can lead to complete system compromise. The vulnerability is fixed in version 5.2.3, and users are strongly advised to upgrade immediately.
The impact of CVE-2025-32957 is severe. An attacker can achieve arbitrary code execution on the server hosting basercms. This means they can potentially read sensitive data, modify files, install malware, or even take complete control of the system. The vulnerability stems from the insecure handling of uploaded ZIP files during the restore process. The application blindly includes PHP files within the archive using require_once without proper validation, allowing an attacker to inject and execute malicious code. This is analogous to other file inclusion vulnerabilities where untrusted input is directly incorporated into code execution paths.
Public proof-of-concept (PoC) code is available, demonstrating the ease of exploitation. The vulnerability has not been observed in active campaigns at the time of writing, but the availability of a PoC increases the likelihood of future exploitation. This CVE was published on 2026-03-31. Its inclusion in the CISA KEV catalog is pending.
Exploit Status
EPSS
0.07% (20th percentile)
The primary mitigation for CVE-2025-32957 is to upgrade basercms to version 5.2.3 or later, which contains the fix. If upgrading is not immediately possible, consider implementing temporary workarounds. These may include restricting file uploads to only trusted sources, implementing strict filename validation to prevent PHP files from being uploaded, and disabling the restore functionality entirely if it is not essential. Web application firewalls (WAFs) can also be configured to detect and block attempts to upload malicious ZIP files. After upgrading, verify the fix by attempting a restore with a known malicious ZIP file (in a test environment) to confirm that the PHP code is no longer executed.
Update baserCMS to version 5.2.3 or higher. This version fixes the unsafe file upload vulnerability that allows remote code execution. The update can be performed through the baserCMS administration panel or by downloading the latest version from the official website.
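As an added defender-side example (not code from baserCMS or from its 5.2.3 fix), a hypothetical pre-extraction check for the restore path described above: it rejects archive entries with PHP-like extensions or a PHP open tag in their content, names that escape the target directory, and symbolic links, so that nothing in the archive is ever a candidate for require_once. The allow-listed data extensions and the archive path are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical pre-extraction check for a restore archive (added example, not baserCMS code).
// Returns rejection reasons; an empty array means every entry is a plain data file.
// Extracted files must still be parsed as data, never passed to require_once/include.
function validateRestoreArchive(string $zipPath, array $allowedExt = ['csv', 'json', 'txt', 'sql']): array
{
    $problems = [];
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['archive could not be opened'];
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || $name === '' || substr($name, -1) === '/') {
            continue; // directory entries carry no content
        }
        // Zip-slip: absolute paths, drive letters or ".." segments escape the target dir.
        $parts = explode('/', str_replace('\\', '/', $name));
        if ($name[0] === '/' || in_array('..', $parts, true) || preg_match('/^[A-Za-z]:/', $name)) {
            $problems[] = "$name: path escapes the restore directory";
            continue;
        }
        // Check every dotted suffix, so "x.php.txt" and "x.phtml" are caught too.
        $exts = array_map('strtolower', array_slice(explode('.', basename($name)), 1));
        $phpLike = array_intersect($exts, ['php', 'php3', 'php5', 'php7', 'php8', 'phtml', 'phar']);
        $last = $exts === [] ? '' : end($exts);
        if ($phpLike !== [] || !in_array($last, $allowedExt, true)) {
            $problems[] = "$name: extension is not on the allow list";
            continue;
        }
        // Symlinks stored in the archive could redirect extraction outside the target dir.
        $zip->getExternalAttributesIndex($i, $opsys, $attr);
        if ($opsys === ZipArchive::OPSYS_UNIX && (($attr >> 16) & 0170000) === 0120000) {
            $problems[] = "$name: symbolic link entries are not allowed";
            continue;
        }
        // Content sniff: a PHP open tag inside a "data" file is a bypass attempt (short "<?" tags are off by default).
        $head = $zip->getFromIndex($i, 256);
        if ($head !== false && preg_match('/<\?(php|=)/i', $head)) {
            $problems[] = "$name: contains a PHP open tag";
        }
    }
    $zip->close();
    return $problems;
}

$problems = validateRestoreArchive('/tmp/backup.zip'); // assumed path; call extractTo() only when this is []
```

Log and abort the restore when the returned array is non-empty; the check is cheap enough to run on every upload before any file reaches the filesystem.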
CVE-2025-32957 is a Remote Code Execution vulnerability in baserproject/basercms versions up to 5.2.2, allowing attackers to execute arbitrary code through a malicious ZIP file upload.
You are affected if you are using baserproject/basercms version 5.2.2 or earlier. Upgrade to 5.2.3 to mitigate the risk.
Upgrade baserproject/basercms to version 5.2.3 or later. As a temporary workaround, restrict file uploads or disable the restore functionality.
While no active campaigns have been confirmed, a public proof-of-concept exists, increasing the risk of exploitation.
Refer to the baserproject/basercms official security advisories on their website or GitHub repository for detailed information and updates.