CVE-2018-25332

CRITICAL

GitBucket 4.23.1 Unauthenticated Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25332. PoCs published by Kacper Szurek.

AI-analyzed exploit summary: This exploit abuses a weak secret token in GitBucket 4.23.1 to achieve unauthenticated remote code execution by uploading a malicious JAR file via the Git LFS endpoint. It brute-forces a Blowfish key to bypass authentication and deploys a plugin for command execution.

Description

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.

Exploits (1)

exploitdb · Working PoC
by Kacper Szurek · tags: python, webapps, java
https://www.exploit-db.com/exploits/44668


Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GitBucket 4.23.1
Authentication: none needed
Prerequisites: Target must be running on Windows · GitBucket instance must be accessible · Exploit JAR file must be present
Analyzed by devstral-2 on May 17, 2026

References (4)

Core References (4)
Product: Official Product Homepage
https://security.szurek.pl/
Product: Product Reference
https://github.com/gitbucket/gitbucket
Third Party Advisory: VulnCheck Advisory: GitBucket 4.23.1 Unauthenticated Remote Code Execution
https://www.vulncheck.com/advisories/gitbucket-unauthenticated-remote-code-execution
Exploit: ExploitDB-44668
https://www.exploit-db.com/exploits/44668

Scores

CVSS v3: 9.8
EPSS: 0.0046
EPSS Percentile: 36.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (2):
gitbucket/gitbucket < 4.24.0
gitbucket/GitBucket 4.23.1
Published: May 17, 2026
Tracked Since: May 17, 2026