{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-32957/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2025-32957"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["basercms","rce","cve-2025-32957","webserver"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ebaserCMS, a website development framework, contains an arbitrary code execution vulnerability in versions prior to 5.2.3. The vulnerability, identified as CVE-2025-32957, lies within the application\u0026rsquo;s restore function. This function allows users, including potentially unauthenticated users depending on configuration, to upload a .zip file. The uploaded archive is automatically extracted by the application. A PHP file within the extracted archive is then included using \u003ccode\u003erequire_once\u003c/code\u003e without…\u003c/p\u003e\n","date_modified":"2026-03-31T01:16:34Z","date_published":"2026-03-31T01:16:34Z","id":"/briefs/2026-03-basercms-rce/","summary":"baserCMS versions prior to 5.2.3 are vulnerable to arbitrary code execution via a crafted zip file upload through the restore function, leading to unauthenticated remote command execution on the webserver.","title":"baserCMS Pre-Auth Arbitrary Code Execution via Zip Upload (CVE-2025-32957)","url":"https://feed.craftedsignal.io/briefs/2026-03-basercms-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-32957","version":"https://jsonfeed.org/version/1.1"}