This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: BigAntSoft BigAnt Server has a critical flaw allowing **unauthenticated Remote Code Execution (RCE)**. …
**Affected**: **BigAntSoft BigAnt Server**. **Version**: **5.6.06 and earlier**. This is a Windows-hosted on-premises chat solution for business use cases. If you are running this version or older, you are at risk.
Q4 What can hackers do? (Privileges/Data)
**Attacker Capabilities**: With the created admin account, hackers can: 1. **Upload** arbitrary PHP files to the Cloud Storage Add-in. 2. **Execute** this code remotely. 3. …
**Public Exploit**: **YES**. A PoC is available on GitHub (vulncheck-oss/cve-2025-0364). It demonstrates the full chain: Registration Bypass → Admin Account → PHP Upload → RCE. …
**Self-Check**: 1. Scan for **BigAntSoft BigAnt Server** services. 2. Check version number (is it ≤ 5.6.06?). 3. Test if the **SaaS registration endpoint** is publicly accessible without strict verification. 4. …
**No Patch Workaround**: 1. **Block Access**: Restrict the SaaS registration URL to internal IPs only via firewall. 2. **Disable Registration**: If possible, disable the public registration feature entirely. 3. …
**Urgency**: **CRITICAL / IMMEDIATE ACTION**. With CVSS High severity, low exploitation complexity, and public PoC, this is an **active threat**. …