Cyber Resilience

CVE-2023-53875

High · Public PoC

Published: 15 December 2025

Modified: 18 December 2025
CVSS v4 Score: 7.5 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0029 (52.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53875 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Gomlab Gom Player. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 47.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)).

Deeper analysis

CVE-2023-53875 is a remote code execution vulnerability in GOM Player version 2.3.90.5360, specifically within its Internet Explorer component. The flaw enables attackers to execute arbitrary code through DNS spoofing. It is documented with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H) and is mapped to CWE-319.

Remote attackers without privileges can exploit the vulnerability by redirecting victims to a malicious URL shortcut combined with a WebDAV technique. This interaction triggers execution of a reverse shell involving SMB server communication, with high impact on the confidentiality, integrity, and availability of the victim's system, provided the user interacts with the crafted content.

References include a proof-of-concept exploit at https://www.exploit-db.com/exploits/51719, the vendor site at https://www.gomlab.com/, and a VulnCheck advisory at https://www.vulncheck.com/advisories/gom-player-remote-code-execution-via-insecure-ie-component, though specific patch or mitigation guidance is not detailed in the available information.

Vulnerability details

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a remote code execution flaw in GOM Player's Internet Explorer component, exploited via malicious URL shortcut and WebDAV for arbitrary code execution with user interaction, directly enabling Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23661 · Shared CWE-319
CVE-2025-13718 · Shared CWE-319
CVE-2025-2861 · Shared CWE-319
CVE-2020-36917 · Shared CWE-319
CVE-2024-36558 · Shared CWE-319
CVE-2026-24212 · Shared CWE-319
CVE-2025-70048 · Shared CWE-319
CVE-2024-44276 · Shared CWE-319
CVE-2025-69272 · Shared CWE-319
CVE-2025-24849 · Shared CWE-319

Affected Assets

Vendor: gomlab
Product: gom player
Version: 2.3.90.5360

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly remediates the RCE vulnerability in GOM Player's IE component by requiring timely patching or updates to eliminate the flaw.

Prevent: Mitigates DNS spoofing attacks by enforcing secure DNS resolution with validation on caching resolvers, preventing redirection to malicious URLs.

Prevent / Detect: Deploys malicious code protection mechanisms to scan for and block exploit payloads, reverse shells, or arbitrary code execution triggered via the IE component.