CVE-2025-0364 · CRITICAL 9.8 · EPSS p75.4%

Description

BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.78% probability of exploitation · percentile 75.4% · 2026-06-19T12:03:05Z
Published: 2025-02-04
Last modified: 2025-09-29

Underlying weaknesses · 1

CWE-288

References

  1. https://vulncheck.com/advisories/big-ant-upload-rce
  2. https://github.com/vulncheck-oss/cve-2025-0364

Type | Target | Confidence | Tier
Weakness | Authentication Bypass Using an Alternate Path or Channel (cwe-288) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-5583
CVE · CVE-2025-34506
CVE · CVE-2025-60803
CVE · CVE-2025-70364
CVE · CVE-2025-67084
CVE · CVE-2026-31049

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.