CVE-2025-32957

Name of the Vulnerable Software and Affected Versions baserCMS versions prior to 5.2.3

Description baserCMS is a website development framework. The application’s restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file within the archive is included using the require once function without validating or restricting the filename. An attacker can craft a malicious PHP file within the .zip archive and achieve arbitrary code execution when it is included. The require once function is used to include the PHP file. The vulnerability is exploitable through malicious .zip file uploads.

Recommendations Versions prior to 5.2.3 should be updated to version 5.2.3.