Summary: Security researchers from VulnCheck have revealed a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-0364, in BigAntSoft’s BigAnt Server, allowing attackers to escalate privileges and execute arbitrary code. This vulnerability affects all versions up to BigAnt Server 5.6.06 and is particularly dangerous due to its ease of exploitation with minimal user interaction. BigAntSoft has yet to issue a patch, leaving systems vulnerable to potential attacks.
Affected: BigAntSoft BigAnt Server
Key points:
- Critical RCE vulnerability (CVE-2025-0364) with a CVSS score of 9.8.
- Allows attackers to gain full control over systems through a simple CAPTCHA solve.
- Public exploit code is available, making this a significant risk for exposed, unpatched servers.
- No official patch has been released yet by BigAntSoft.
- As a temporary mitigation, disable SaaS registration and monitor the server for suspicious activity until an official fix is released.
Source: https://securityonline.info/cve-2025-0364-cvss-9-8-bigant-server-zero-day-public-exploit-confirmed/