CVE-2023-28725

🗓️ 21 Mar 2023 00:00:00Reported by mitreType

General Bytes CAS allows remote attackers to execute arbitrary Java code via Java application upload to /batm/app/admin/standalone/deployments directory, aka BATM-4780

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-28725	22 Mar 202306:48	–	circl
CNNVD	General Bytes Crypto Application Server 代码问题漏洞	21 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-28725	21 Mar 202300:00	–	cvelist
EUVD	EUVD-2023-32363	3 Oct 202520:07	–	euvd
NVD	CVE-2023-28725	22 Mar 202300:15	–	nvd
Prion	Code injection	22 Mar 202300:15	–	prion
Positive Technologies	PT-2023-21922 · General Bytes · General Bytes Crypto Application Server	21 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-28725	23 May 202506:03	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2023-28725	21 Mar 202300:00	–	vulncheck_kev
Vulnrichment	CVE-2023-28725	21 Mar 202300:00	–	vulnrichment

NVD

Node

generalbytes crypto_application_serverMatch20230120

Source	Link
generalbytes	www.generalbytes.com/en/support/changelog
arstechnica	www.arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
twitter	www.twitter.com/generalbytes/status/1637192687160897537
generalbytes	www.generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
generalbytes	www.generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAS
web3isgoinggreat	www.web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million
bleepingcomputer	www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/

26 Feb 2025 17:15Current

9.3High risk

Vulners AI Score9.3

CVSS 3.19.1

EPSS0.00819

SSVC

CWE-434