Cyber Resilience

CVE-2023-53871

Medium · Public PoC

Published: 15 December 2025

Modified: 30 December 2025
CVSS v4.0 Score: 6.9
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0043 (63.4th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53871 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Soosyze (vendor: Soosyze). Its CVSS v4.0 base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2023-53871 is a file upload vulnerability in Soosyze 2.0.0, a content management system. The flaw allows attackers to upload arbitrary HTML files containing embedded PHP code due to a broken file upload mechanism. Exploitation can also disclose sensitive file paths and enable execution of malicious PHP scripts on the server. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful attacks achieve high impacts across confidentiality, integrity, and availability, primarily by executing arbitrary PHP code for potential remote code execution and revealing server file paths.

Advisories, including one from VulnCheck detailing the unrestricted file upload via broken upload logic, provide further technical analysis. An exploit is publicly available on Exploit-DB (ID 51718). Practitioners should review the official Soosyze GitHub repository and website for any patches or remediation guidance.

Vulnerability details

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

CWE(s)

CWE-434 (Unrestricted Upload of File with Dangerous Type)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload in a public-facing CMS enables unauthenticated RCE via PHP web shells (T1190, T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2020-36847 (shared CWE-434)

Affected Assets

Vendor: soosyze
Product: soosyze
Version: 2.0.0

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly addresses the unrestricted file upload vulnerability by requiring validation of uploaded files to block dangerous types like HTML with embedded PHP code.

prevent

Prevents exploitation by restricting file upload inputs to only safe types and formats, mitigating uploads of executable HTML/PHP files.

prevent · detect

Mitigates malicious PHP script execution from uploaded files by scanning for and blocking malicious code at system entry points.
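
An upload gate of the kind the input-validation and malicious-code controls above call for, as an added Python example that is not Soosyze's code and not part of the original record. The allowlist, the dangerous-extension set and the sample files are assumptions constructed for illustration.

```python
import re
import secrets
from pathlib import PurePosixPath

# Assumed policy for this example: the site only needs images and PDFs.
# Each allowed extension maps to the magic bytes its content must start with.
ALLOWED = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff",
           "gif": b"GIF8", "pdf": b"%PDF-"}
# Extensions a web server may interpret or a browser may render as active content.
DANGEROUS = {"php", "phtml", "phar", "php5", "html", "htm", "shtml", "svg", "htaccess"}
# PHP open tags: <?php, <?= and the short tag <? followed by whitespace.
PHP_TAG = re.compile(rb"<\?(?:php|=|\s)", re.IGNORECASE)

def check_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    # Drop any client-supplied directory component before looking at the name.
    name = PurePosixPath(filename.replace("\\", "/")).name.lower()
    parts = name.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # Check every segment so "shell.php.jpg" or "x.html.png" is caught too.
    if any(p in DANGEROUS for p in parts[1:]):
        reasons.append("dangerous extension in name")
    if ext not in ALLOWED:
        reasons.append("extension not on allowlist")
    elif not data.startswith(ALLOWED[ext]):
        reasons.append("content does not match extension")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag in content")
    return reasons

def stored_name(filename: str) -> str:
    """Server-chosen name: random stem plus the already validated extension."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"

# Constructed sample uploads (not taken from any real exploit or capture).
SAMPLES = [
    ("page.html", b"<html><body><?php echo 1; ?></body></html>"),
    ("shell.php.jpg", b"\xff\xd8\xff\xe0JFIF"),
    ("photo.png", b"\x89PNG\r\n\x1a\nIHDR<?php echo 1; ?>"),
    ("ok.png", b"\x89PNG\r\n\x1a\nIHDR"),
]

if __name__ == "__main__":
    for fname, body in SAMPLES:
        print(fname, "->", check_upload(fname, body) or "accept")
```

The content scan can flag a benign binary that happens to contain a matching byte sequence, so it complements, rather than replaces, storing uploads where the server will not execute them.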