CVE-2025-0364 — CRITICAL (9.8)

Q: How severe is CVE-2025-0364?

CVE-2025-0364 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-0364?

Check the references section above for vendor advisories and patch information. Affected products include: Bigantsoft Bigant Server.

Vulnerability Description

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bigantsoft	Bigant Server	<= 5.6.06

Related Weaknesses (CWE)

CWE-288

References

https://vulncheck.com/advisories/big-ant-upload-rceThird Party Advisory
https://github.com/vulncheck-oss/cve-2025-0364ExploitThird Party Advisory

FAQ

What is CVE-2025-0364?

CVE-2025-0364 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administ...

How severe is CVE-2025-0364?

CVE-2025-0364 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-0364?

Check the references section above for vendor advisories and patch information. Affected products include: Bigantsoft Bigant Server.