CVE-2025-0364 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticate…
Critical CVSS: 9.8

CVE-2025-0364

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
Vendor
Bigantsoft
Product
Bigant Server
CWE
CWE-288
Yayın Tarihi
2025-02-04 18:15:35
Güncelleme
2025-09-29 18:11:15
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-288 Bigant Server CRITICAL Bigantsoft 2025

Referanslar

https://vulncheck.com/advisories/big-ant-upload-rce https://github.com/vulncheck-oss/cve-2025-0364