CVE-2025-32957
Arbitrary Code Execution via Unrestricted File Inclusion in baserCMS Restore Function
Publication date: 2026-03-31
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| basercms | basercms | < 5.2.3 (all releases before 5.2.3) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-32957 is a high-severity vulnerability in baserCMS before 5.2.3 (that is, 5.2.2 and earlier). It lies in the backup restore function, which accepts an uploaded .zip archive and extracts it automatically. PHP files inside the extracted archive are then loaded with require_once, with no validation of their contents and no restriction on their filenames. An attacker who can reach the restore function can therefore place a crafted PHP file in the archive; the application includes and executes it, giving arbitrary code execution on the server with the privileges of the PHP/web server process.
How can this vulnerability impact me?
Exploitation requires an account with high privileges, i.e. one that can use the restore function, but no interaction from any other user. A successful attacker runs arbitrary PHP on the server hosting baserCMS, which compromises the confidentiality and integrity of the application, its database and any files the web server process can read or write. The published impact rates availability as unaffected; in practice, code execution also lets an attacker disrupt the site, so treat an exploited instance as fully compromised and rebuild it rather than only deleting the planted file.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves uploading a .zip archive that is automatically extracted, after which PHP files from the archive are included via require_once without validation. Detection therefore focuses on two artefacts: uploads to the restore function, and PHP files appearing in the directory the restore function extracts into, where a legitimate backup should contain only data files.
Commands to look for exploitation attempts or planted files (replace the placeholder paths with the restore upload and extraction directories of your installation):
- Recently uploaded .zip files in the restore upload directory, newest first: `ls -lt /path/to/restore/uploads/*.zip`
- Files in the extraction directory that a PHP handler would execute: `find /path/to/restore/extracted/ -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \)`
- Web server log entries for POST requests to the restore function, and any later requests for .php files under the extraction path: `grep -i 'restore' /var/log/apache2/access.log | grep 'POST'` (adjust the log path for nginx or another server)
- File integrity monitoring on the restore directories, alerting on any new file that is not a data file of the expected type.
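The same checks carried out as a script rather than as ad hoc commands, as an added example that is not part of the original page or of baserCMS. It assumes the restore endpoint URL contains the string "restore" (the page's own grep), a hypothetical extraction path, and Apache/nginx combined log format; the directory and the log lines it runs on are constructed for the demo.

```python
"""Triage helpers for a CVE-2025-32957-style abuse of a restore upload.

Added example, not baserCMS code. It scans an extraction directory for files
that a PHP handler would execute and filters web-server access logs for
(a) POST requests to a restore endpoint and (b) later requests for PHP files
under the extraction path. The restore route, the extraction path and all
log lines below are constructed assumptions, not baserCMS specifics.
"""
import os
import re
import tempfile

# Extensions commonly mapped to the PHP handler; extend to match your server.
PHP_SUFFIXES = (".php", ".phtml", ".phar", ".php5", ".php7")

# Apache/nginx "combined" format, parsed up to the status field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_php_files(root):
    """Return paths under *root* whose name carries a PHP extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PHP_SUFFIXES):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def parse_log(lines):
    """Yield (ip, time, method, path, status) for lines that parse; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip", "time", "method", "path", "status")


def find_restore_uploads(lines, marker="restore"):
    """POST requests whose path contains *marker* (the restore endpoint)."""
    return [r for r in parse_log(lines)
            if r[2] == "POST" and marker in r[3].lower()]


def find_php_requests(lines, prefix):
    """Requests for PHP files under *prefix*: a planted script being used."""
    out = []
    for r in parse_log(lines):
        path = r[3].split("?", 1)[0].lower()
        if path.startswith(prefix) and path.endswith(PHP_SUFFIXES):
            out.append(r)
    return out


def demo():
    """Run all three checks on constructed data; returns (php_files, uploads, hits)."""
    root = tempfile.mkdtemp(prefix="restore-")
    os.makedirs(os.path.join(root, "data"))
    # Constructed extraction directory: two data files and one planted script.
    for rel in ("data/users.csv", "data/pages.csv", "data/cmd.php"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder\n")
    # Constructed log lines (not real traffic); the routes are hypothetical.
    log = [
        '203.0.113.5 - - [01/Apr/2026:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "Mozilla"',
        '203.0.113.5 - - [01/Apr/2026:10:00:09 +0000] "POST /admin/utilities/restore HTTP/1.1" 302 0 "-" "Mozilla"',
        '203.0.113.5 - - [01/Apr/2026:10:00:15 +0000] "GET /files/restore/data/cmd.php?c=id HTTP/1.1" 200 44 "-" "curl/8.0"',
        "a line that does not parse",
    ]
    php = find_php_files(root)
    uploads = find_restore_uploads(log)
    hits = find_php_requests(log, "/files/restore/")
    return php, uploads, hits


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The upload followed within seconds by a GET for a .php file under the extraction path, from the same client, is the sequence to alert on; either event alone can be legitimate administration or noise.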
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade baserCMS to 5.2.3 or later, where the restore function was fixed.
Until the upgrade can be performed:
- Restrict the restore function to a small set of trusted administrators, since the attacker needs an account that can reach it.
- Disable the restore function, or block uploads to it at the web server or WAF, if restores are not needed in the interim.
- Monitor and alert on the restore upload and extraction directories for any file that is not an expected data file, in particular anything with a PHP extension.
- In any custom code, never include (require/include) files that came from a user-supplied archive; validate archive entries before extraction and reject the whole archive if any entry is executable or escapes the extraction directory.
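A pre-extraction gate of the kind the last point describes, and the counterpart to the mechanism explained earlier on this page, as an added example (not baserCMS code and not the 5.2.3 patch). It inspects every entry of an uploaded archive before anything is extracted and rejects the whole archive if any entry has a PHP extension anywhere in its name, escapes the extraction directory, or is a symlink; the first is this page's case, the other two are the general hardening any unzip-and-use feature needs. The allowed data-file suffixes and the sample archive contents are assumptions.

```python
"""Pre-extraction check for a restore archive, as a stand-alone example.

Added example, not baserCMS code, and not the fix shipped in 5.2.3. It shows
the gate a restore feature (or a wrapper in front of one) should apply:
inspect every entry of the uploaded zip and refuse the whole archive if any
entry could be executed as PHP, escapes the extraction directory, or is a
symlink. ALLOWED_SUFFIXES assumes a data-only backup (CSV/JSON/SQL); adjust
it to the real backup format, preferably as an allowlist of exact paths.
"""
import io
import posixpath
import re
import stat
import zipfile

ALLOWED_SUFFIXES = (".csv", ".json", ".sql", ".txt")
PHP_SUFFIXES = (".php", ".phtml", ".phar", ".php3", ".php5", ".php7", ".phps")


def check_entry(info):
    """Return None if the zip entry is acceptable, else a rejection reason."""
    name = info.filename
    # Zip names are '/'-separated by spec, but some tools write backslashes.
    norm = posixpath.normpath(name.replace("\\", "/"))
    if name.startswith(("/", "\\")) or norm == ".." or norm.startswith("../"):
        return "path escapes extraction directory"
    if re.match(r"^[A-Za-z]:", name):
        return "absolute drive path"
    # Unix mode lives in the high 16 bits of external_attr; catch symlinks
    # that would point the later require_once at an arbitrary file.
    if stat.S_ISLNK(info.external_attr >> 16):
        return "symbolic link"
    if info.is_dir():
        return None
    lower = norm.lower()
    # Check every suffix in the basename: 'shell.php.csv' is executed by
    # servers that map any '.php' segment to the PHP handler.
    parts = lower.rsplit("/", 1)[-1].split(".")
    for ext in ("." + p for p in parts[1:]):
        if ext in PHP_SUFFIXES:
            return "executable PHP entry"
    if not lower.endswith(ALLOWED_SUFFIXES):
        return "extension not in allowlist"
    return None


def inspect_restore_archive(zip_bytes):
    """Return [(entry, reason), ...]; an empty list means extraction may proceed."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            reason = check_entry(info)
            if reason:
                rejected.append((info.filename, reason))
    return rejected


def build_sample(malicious):
    """Construct an in-memory archive: data files plus, optionally, planted entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("data/users.csv", "id,name\n1,admin\n")
        zf.writestr("data/pages.json", "[]")
        if malicious:
            zf.writestr("data/cmd.php", "<?php /* planted script */ ?>")
            zf.writestr("../../webroot/x.phtml", "<?php /* zip-slip */ ?>")
            zf.writestr("data/notes.php.csv", "x")
    return buf.getvalue()


if __name__ == "__main__":
    print("clean archive:", inspect_restore_archive(build_sample(False)))
    for entry, reason in inspect_restore_archive(build_sample(True)):
        print(f"reject {entry!r}: {reason}")
```

Rejecting the whole archive, not just the offending entries, is deliberate: a partially restored backup is itself a failure mode, and a rejected upload is a strong signal that someone is probing the restore function.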
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker with high privileges to achieve arbitrary remote code execution, resulting in a compromise of confidentiality and integrity of the affected system.
Such a compromise could lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health information.
However, no specific information about compliance impact or regulatory considerations is provided in the available resources.