https://feed.craftedsignal.io/tags/cve-2025-32957/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 01:16:34 +0000https://feed.craftedsignal.io/briefs/2026-03-basercms-rce/Tue, 31 Mar 2026 01:16:34 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-basercms-rce/baserCMS versions prior to 5.2.3 are vulnerable to arbitrary code execution via a crafted zip file upload through the restore function, leading to unauthenticated remote command execution on the webserver.baserCMS, a website development framework, contains an arbitrary code execution vulnerability in versions prior to 5.2.3. The vulnerability, identified as CVE-2025-32957, lies within the application’s restore function. This function allows users, including potentially unauthenticated users depending on configuration, to upload a .zip file. The uploaded archive is automatically extracted by the application. A PHP file within the extracted archive is then included using require_once without…

]]>criticaladvisorybasercmsrcecve-2025-32957webserver