CVE-2025-0364
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Feb 4, 2025
CWE ID 288
Summary
CVE-2025-0364 is a critical vulnerability affecting BigAntSoft's BigAnt Server, versions up to 5.6.06. This issue allows unauthenticated remote attackers to exploit the default exposed SaaS registration mechanism and create administrative users. With administrative access, the adversary is able to upload and execute arbitrary PHP code using the "Cloud Storage Addin," resulting in unauthenticated code execution. This vulnerability poses a significant risk and requires immediate remediation by users of the affected software.
Affected Vendors
- BigAntsoft