{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-32957", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-14T21:47:11.452Z", "datePublished": "2026-03-31T00:43:48.908Z", "dateUpdated": "2026-03-31T19:09:23.581Z"}, "containers": {"cna": {"title": "baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"}, {"name": "https://basercms.net/security/JVN_20837860", "tags": ["x_refsource_MISC"], "url": "https://basercms.net/security/JVN_20837860"}, {"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"version": "< 5.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T00:43:48.908Z"}, "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3."}], "source": {"advisory": "GHSA-hv78-cwp4-8r7r", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T18:39:21.747739Z", "id": "CVE-2025-32957", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T19:09:23.581Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32957", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T18:39:21.747739Z"}}}], "references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T19:05:50.145Z"}}], "cna": {"title": "baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)", "source": {"advisory": "GHSA-hv78-cwp4-8r7r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"status": "affected", "version": "< 5.2.3"}]}], "references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r", "name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://basercms.net/security/JVN_20837860", "name": "https://basercms.net/security/JVN_20837860", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "name": "https://github.com/baserproject/basercms/releases/tag/5.2.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T00:43:48.908Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32957", "state": "PUBLISHED", "dateUpdated": "2026-03-31T19:09:23.581Z", "dateReserved": "2025-04-14T21:47:11.452Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T00:43:48.908Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DEEEF3-0621-431D-8A38-405EDBD0957E", "versionEndExcluding": "5.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3."}, {"lang": "es", "value": "baserCMS es un framework de desarrollo de sitios web. Antes de la versi\u00f3n 5.2.3, la funci\u00f3n de restauraci\u00f3n de la aplicaci\u00f3n permite a los usuarios subir un archivo .zip, que luego se extrae autom\u00e1ticamente. Un archivo PHP dentro del archivo comprimido se incluye usando require_once sin validar ni restringir el nombre del archivo. Un atacante puede crear un archivo PHP malicioso dentro del zip y lograr la ejecuci\u00f3n de c\u00f3digo arbitrario cuando este se incluye. Este problema ha sido parcheado en la versi\u00f3n 5.2.3."}], "id": "CVE-2025-32957", "lastModified": "2026-04-01T20:31:57.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T01:16:34.530", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/JVN_20837860"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.2.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "basercms", "vendor": "baserproject"}], "analysis": {"en": {"generated_at": "2026-04-02T04:56:37.212298+00:00", "value": {"mitigation_remediation": ["Apply baserCMS update to version\u202f5.2.3 or newer, as released by baserproject."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is baserCMS from baserproject. Any installation running a version before\u202f5.2.3 is vulnerable. The flaw was addressed in the 5.2.3 release and later versions are considered safe.", "description_and_impact": "baserCMS a PHP\u2011based website framework that includes a restore feature allowing users to upload ZIP archives. Prior to version\u202f5.2.3, the restore process automatically extracts the archive and then inclusively requires any PHP file found inside. An attacker can embed a malicious PHP script within a crafted ZIP package so that it is executed when the archive is restored, resulting in arbitrary code execution on the web server. This vulnerability is categorized as a file\u2011upload flaw (CWE\u2011434).", "risk_and_exploitability": "The score of 8.7 under CVSS denotes high severity, while the EPSS value of less than\u202f1\u202f% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker can trigger the flaw by uploading a crafted ZIP file through the web interface's restore function. If the vulnerability is exploited, the attacker could gain full control over the application server, compromising confidentiality, integrity, and availability of the hosted services."}}}}, "created": "2026-03-31T19:56:45.214621+00:00", "updated": "2026-04-03T09:10:48.136335+00:00", "vendors": ["baserproject", "baserproject$PRODUCT$basercms"]}