- Description
- baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- basercms
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-434
- Hype score
- Not currently trending
CVE-2025-32957 baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automaticall… https://t.co/aKrCjG6Y4F
@CVEnew
31 Mar 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡ New CVE Alert: CVE-2025-32957 📊 Severity: 8.7 🚨 Risk Level: High 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/Hkqp4tsY44 #CVE-2025-32957 #CVE #High #CyberSecurity #InfoSec https://t.co/Hg4OhttYq3
@CVEarity
31 Mar 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-32957: HIGH] Website developers using baserCMS should update to version 5.2.3 to prevent arbitrary code execution. Prior versions allow attackers to upload malicious PHP files through the restore f...#cve,CVE-2025-32957,#cybersecurity https://t.co/we8osesP0W
@CveFindCom
31 Mar 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-32957 - High baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file i... https://t.co/PbetGxvnh6 https://t.co/tPV4trJxrJ
@TheHackerWire
31 Mar 2026
156 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-32957 - High baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file i... https://t.co/PbetGxvnh6 https://t.co/6HXvxgaVyJ
@TheHackerWire
31 Mar 2026
157 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DEEEF3-0621-431D-8A38-405EDBD0957E",
"versionEndExcluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]