CVE-2025-32957info

Summary

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.

Disclosure

03/31/2026

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!