CVE-2020-25453
published 2020-09-15

CVE-2020-25453: An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.

Priority: P2 · 60 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: yes
EPSS: 6.28% (92.7th percentile)

Affected

1 range

Vendor         Product        Version range   Fixed in
blackcat-cms   blackcat_cms   < 1.4           1.4

Detection & IOCs (extracted from sources)

Indicator (other): csrf_token (empty/removed)
  • Detect CSRF exploitation attempts against BlackCat CMS by monitoring for POST requests to CMS endpoints where the csrf_token parameter is absent or empty — the PoC explicitly removes the csrf_token value to bypass protection.
  • The vulnerability allows remote arbitrary code execution via CSRF token bypass; alert on unexpected code execution or file write events originating from web server processes running BlackCat CMS versions prior to 1.4.
  • The CSRF bypass specifically targets BlackCat CMS versions before 1.4 (confirmed affected version: 1.3.6); detections should be scoped to installations running these versions.
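As an added example (not code from cbcvebase or the BlackCat CMS project), the first detection bullet above applied to a constructed request log: flag POST requests to CMS endpoints whose csrf_token is absent or empty. The /backend/ prefix and endpoint names are assumptions, and the log is assumed to record POST form fields, which a plain web-server access log does not.

```python
from urllib.parse import parse_qs

# Constructed sample request log (method, path, raw form body), in the shape a
# WAF or application-level request log might produce. Not real traffic; the
# endpoint paths are assumed, not taken from BlackCat CMS.
SAMPLE_LOG = """\
POST /backend/pages/modify.php page_id=3&csrf_token=9f2c1e7a&title=Home
POST /backend/pages/modify.php page_id=3&csrf_token=&title=Home
POST /backend/addons/install.php addon=example
GET /backend/pages/index.php
POST /backend/login/index.php username=admin&password=REDACTED&csrf_token=ab12cd34
"""

# Assumption: BlackCat CMS administrative endpoints live under this prefix.
CMS_PREFIX = "/backend/"


def parse_line(line):
    """Split one log line into (method, path, parsed form fields)."""
    parts = line.split(" ", 2)
    method, path = parts[0], parts[1]
    body = parts[2] if len(parts) == 3 else ""
    # keep_blank_values=True so 'csrf_token=' survives as an empty value,
    # which is exactly the stripped-token case the bullet describes.
    return method, path, parse_qs(body, keep_blank_values=True)


def is_suspicious(method, path, fields):
    """True for a POST to a CMS endpoint with no usable csrf_token."""
    if method != "POST" or not path.startswith(CMS_PREFIX):
        return False
    token = fields.get("csrf_token", [""])[0]
    return token == ""


def flag_csrf_bypass_attempts(log_text):
    """Return (line_no, path, reason) for every request missing a usable token."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        method, path, fields = parse_line(line)
        if is_suspicious(method, path, fields):
            reason = "empty csrf_token" if "csrf_token" in fields else "csrf_token absent"
            findings.append((line_no, path, reason))
    return findings


if __name__ == "__main__":
    for hit in flag_csrf_bypass_attempts(SAMPLE_LOG):
        print(hit)
```

Legitimate forms that never carry a token field will also match, so restrict CMS_PREFIX to the token-protected endpoints of the deployed version before alerting on it.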

CVSS provenance

NVD · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P