CVE-2023-28725
Severity: CRITICAL | Exploited in the wild
General Bytes Crypto Application Server 20221118 before .48 and 20230120 before .44 - RCE
Title source: llmDescription
General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
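As an added example (not General Bytes' code and not taken from any of the references on this page), the following Python script performs the two checks an operator would want after reading this description: whether a CAS version string is at or above the fixed builds named here (20221118.48 and 20230120.44), and whether the hot-deploy directory named here contains deployable archives or deployment-scanner marker files that are not on an allow-list. It assumes the WildFly/JBoss-style hot-deployment scanner layout implied by the standalone/deployments path (marker suffixes such as .dodeploy and .deployed); the sample directory listing, the attacker-style names in it, and the allow-list entry batm.war are constructed for illustration.

```python
"""Post-advisory checks for CVE-2023-28725 (added example, not vendor code)."""
import os
import re

# Fixed builds named in the CVE description, keyed by release line.
FIXED_BUILDS = {"20221118": 48, "20230120": 44}

# Deployable archive types and the marker files a WildFly/JBoss-style
# hot-deployment scanner writes next to them. Assumed layout, inferred from
# the /batm/app/admin/standalone/deployments path in the description.
DEPLOYABLE_SUFFIXES = (".war", ".jar", ".ear", ".sar", ".rar")
MARKER_SUFFIXES = (".dodeploy", ".deployed", ".isdeploying",
                   ".failed", ".undeployed", ".skipdeploy")

_VERSION_RE = re.compile(r"^(\d{8})(?:\.(\d+))?$")


def classify_version(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for a CAS version string.

    Versions look like YYYYMMDD or YYYYMMDD.build. A bare release line with no
    build number (e.g. '20230120') is treated as build 0, i.e. below the fix.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    line, build = m.group(1), int(m.group(2) or 0)
    if line in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[line] else "vulnerable"
    if line > max(FIXED_BUILDS):
        # Assumption: a release line newer than 20230120 carries the fix.
        return "fixed"
    # Older release lines are not covered by the CVE text; flag for review.
    return "unknown"


def base_name(filename: str) -> str:
    """Strip a scanner marker suffix so 'foo.war.deployed' maps to 'foo.war'."""
    for suffix in MARKER_SUFFIXES:
        if filename.endswith(suffix):
            return filename[: -len(suffix)]
    return filename


def find_unexpected_deployments(listing, allowlist):
    """Return sorted names of deployables and markers whose archive is not allow-listed."""
    unexpected = set()
    for name in listing:
        archive = base_name(name)
        if archive.endswith(DEPLOYABLE_SUFFIXES) and archive not in allowlist:
            unexpected.add(name)
    return sorted(unexpected)


def scan_directory(path, allowlist):
    """Run the same check against a real hot-deploy directory."""
    return find_unexpected_deployments(os.listdir(path), allowlist)


# Constructed sample listing: one allow-listed archive plus attacker-style drops.
SAMPLE_LISTING = [
    "README.txt",
    "batm.war",             # assumed legitimate deployable (constructed name)
    "batm.war.deployed",
    "shell.war",            # constructed: unexpected archive in the hot-deploy dir
    "shell.war.dodeploy",
    "x.jar.failed",         # constructed: marker for a deployment that failed
]
ALLOWLIST = {"batm.war"}


if __name__ == "__main__":
    for v in ("20230120", "20230120.44", "20221118.47", "20221118.48"):
        print(v, "->", classify_version(v))
    print("unexpected:", find_unexpected_deployments(SAMPLE_LISTING, ALLOWLIST))
```

On a live host, replace the constructed listing with scan_directory("/batm/app/admin/standalone/deployments", allowlist) and treat any "unknown" version or any unexpected entry as a finding to investigate, not as proof of compromise.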
References (7)
Press/Media Coverage: https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
Exploit, Vendor Advisory: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
Issue Tracking: https://twitter.com/generalbytes/status/1637192687160897537
Third Party Advisory: https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million
Press/Media Coverage: https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/
Release Notes: https://www.generalbytes.com/en/support/changelog
Scores
CVSS v3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS: 0.0220 (84.5th percentile)
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2023-03-21
InTheWild.io: 2023-03-22
CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published
Products (1)
generalbytes/crypto_application_server 20230120
Published: Mar 22, 2023
Tracked Since: Feb 18, 2026