Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-25654

CRITICAL
Published 2023-03-23T19:22:30.154Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-25654. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.013
probability
of exploitation in the wild

There is a 1.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.784
Higher than 78.4% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

baserproject

basercms

Affected Versions:

< 4.7.4

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

GHSA-h4cc-fxpp-pgw9

Advisory Details

### Impact There is a Remote Code Execution (RCE) Vulnerability on the management system of baserCMS. ### Target baserCMS 4.7.3 and earlier versions ### Patches Update to the latest version of baserCMS ### Credits 島峰泰平@三井物産セキュアディレクション株式会社

Affected Packages

Packagist baserproject/basercms
ECOSYSTEM: ≥0 <4.7.5

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

WEB https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-25654
WEB https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
WEB https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
WEB https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
PACKAGE https://github.com/baserproject/basercms
WEB https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5

Advisory provided by GitHub Security Advisory Database. Published: March 23, 2023, Modified: March 28, 2023

References

https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
Published: 2023-03-23T19:22:30.154Z
Last Modified: 2025-02-25T14:51:02.752Z
Copied to clipboard!