CVE-2023-28725
CRITICAL | EXPLOITED IN THE WILD
General Bytes Crypto Application Server (CAS) before 20221118.48 / 20230120.44 - RCE via upload to the deployments directory
Title source: llm
Exploitation Summary
CVE-2023-28725 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
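The description gives a responder one concrete artifact to look for: a Java archive that should not be in /batm/app/admin/standalone/deployments. The following triage script is an added example, not code from the page, the vendor, or any of the references. It assumes the directory behaves like a JBoss/WildFly-style hot-deploy scanner directory (the standalone/deployments layout suggests this, but the page does not say so), and that the operator has a baseline allowlist of SHA-256 hashes for the archives the vendor legitimately ships. The sample directory with admin.jar, shell.war and its marker file is constructed for the demo and is not real CAS data.

```python
"""Hunt for unexpected archives in a hot-deploy directory (added example, not CAS code)."""
import hashlib
import tempfile
import zipfile
from dataclasses import dataclass, field
from pathlib import Path

# Directory named in the CVE description.
DEPLOY_DIR = "/batm/app/admin/standalone/deployments"
# Assumption (not stated on the page): the directory is scanned by a JBoss/WildFly-style
# deployment scanner, which places marker files with these suffixes next to each archive.
MARKER_SUFFIXES = (".dodeploy", ".isdeploying", ".deployed", ".failed",
                   ".isundeploying", ".undeployed", ".pending", ".skipdeploy")
ARCHIVE_SUFFIXES = (".war", ".jar", ".ear", ".rar", ".sar")
# Archive members a responder looks at first: bytecode, JSPs, deployment descriptors.
NOTABLE = (".class", ".jsp", "web.xml", "jboss-web.xml")


@dataclass
class Finding:
    path: str
    reason: str
    sha256: str = ""
    notable_entries: list = field(default_factory=list)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def notable_entries(archive: Path, limit: int = 10) -> list:
    """List the members of a zip-based archive that warrant a closer look."""
    try:
        with zipfile.ZipFile(archive) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<not a zip archive>"]
    return [n for n in names if n.endswith(NOTABLE)][:limit]


def scan_deployments(deploy_dir, allowlist) -> list:
    """Flag archives whose SHA-256 is not in the allowlist, and scanner marker files
    that point at a missing or non-allowlisted archive (a stale marker can outlive
    an archive the attacker already deleted)."""
    deploy_dir = Path(deploy_dir)
    findings = []
    for entry in sorted(deploy_dir.iterdir()):
        if not entry.is_file():
            continue
        name = entry.name
        if name.endswith(ARCHIVE_SUFFIXES):
            digest = sha256_file(entry)
            if digest not in allowlist:
                findings.append(Finding(str(entry), "archive not in allowlist",
                                        digest, notable_entries(entry)))
        elif name.endswith(MARKER_SUFFIXES):
            base = name[: name.rfind(".")]  # "shell.war.deployed" -> "shell.war"
            if not base:
                continue
            target = entry.with_name(base)
            if not target.is_file():
                findings.append(Finding(str(entry), "marker without archive"))
            elif sha256_file(target) not in allowlist:
                findings.append(Finding(str(entry), "marker for non-allowlisted archive"))
    return findings


def build_sample_dir(root) -> Path:
    """Constructed sample layout: one legitimate archive plus a planted WAR and its marker."""
    d = Path(root) / "deployments"
    d.mkdir()
    with zipfile.ZipFile(d / "admin.jar", "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Admin.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(d / "shell.war", "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("cmd.jsp", "<%-- constructed placeholder --%>")
    (d / "shell.war.deployed").write_text("")
    return d


def run_demo() -> list:
    """Build the constructed sample, allowlist only admin.jar, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        d = build_sample_dir(tmp)
        allowlist = {sha256_file(d / "admin.jar")}
        return scan_deployments(d, allowlist)


if __name__ == "__main__":
    for f in run_demo():
        print(f.reason, f.path, f.sha256[:12], f.notable_entries)
```

Against a live host, call scan_deployments(DEPLOY_DIR, allowlist) with hashes taken from a known-good install of the same CAS build. Any archive that is not on the allowlist is the primary indicator for this bug; the marker-file check catches the case where the dropped archive was later removed but the scanner's bookkeeping file was not.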
References (7)
Press/Media Coverage: https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
Exploit, Vendor Advisory: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
Issue Tracking: https://twitter.com/generalbytes/status/1637192687160897537
Third Party Advisory: https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million
Press/Media Coverage: https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/
Release Notes: https://www.generalbytes.com/en/support/changelog
Scores
CVSS v3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS: 0.2061
EPSS Percentile: 97.2%
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2023-03-21
InTheWild.io: 2023-03-22
CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published
Products (1)
generalbytes/crypto_application_server 20230120
Published: Mar 22, 2023
Tracked Since: Feb 18, 2026