CVE-2025-0364

CRITICAL

BigAntSoft BigAnt Server <5.6.06 - RCE

Title source: llm

Description

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

Exploits (1)

nomisec WORKING POC 6 stars
by vulncheck-oss · poc
https://github.com/vulncheck-oss/cve-2025-0364

References (2)

Scores

CVSS v3 9.8
EPSS 0.2233
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-288
Status published
Products (1)
bigantsoft/bigant_server < 5.6.06
Published Feb 04, 2025
Tracked Since Feb 18, 2026