CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/gitbucket/gitbucket	Product
https://security.szurek.pl/	Not Applicable Press/Media Coverage
https://www.exploit-db.com/exploits/44668	Exploit Patch
https://www.vulncheck.com/advisories/gitbucket-unauthenticated-remote-code-execution	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gitbucket:gitbucket:*:*:*:*:*:*:*:*

History

27 May 2026, 20:44

Type	Values Removed	Values Added
First Time		Gitbucket Gitbucket gitbucket
CPE		cpe:2.3:a:gitbucket:gitbucket::::::::
References	~~() https://github.com/gitbucket/gitbucket -~~	() https://github.com/gitbucket/gitbucket - Product
References	~~() https://security.szurek.pl/ -~~	() https://security.szurek.pl/ - Not Applicable, Press/Media Coverage
References	~~() https://www.exploit-db.com/exploits/44668 -~~	() https://www.exploit-db.com/exploits/44668 - Exploit, Patch
References	~~() https://www.vulncheck.com/advisories/gitbucket-unauthenticated-remote-code-execution -~~	() https://www.vulncheck.com/advisories/gitbucket-unauthenticated-remote-code-execution - Third Party Advisory

17 May 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-17 13:16

Updated : 2026-05-27 20:44

NVD link : CVE-2018-25332

Mitre link : CVE-2018-25332

CVE.ORG link : CVE-2018-25332

JSON object : View

Products Affected

gitbucket

gitbucket

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2018-25332", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-05-17T13:16:44.840", "references": [{"url": "https://github.com/gitbucket/gitbucket", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://security.szurek.pl/", "tags": ["Not Applicable", "Press/Media Coverage"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/44668", "tags": ["Exploit", "Patch"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/gitbucket-unauthenticated-remote-code-execution", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint."}], "lastModified": "2026-05-27T20:44:54.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitbucket:gitbucket:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AFD6583-CF86-40E1-9CEB-E06847B768AB", "versionEndExcluding": "4.24.0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}