Cyber Posture

CVE-2023-53875

High · Public PoC

Published: 15 December 2025

Modified: 18 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0023 (46.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53875 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Gomlab Gom Player. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 46.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the RCE vulnerability in GOM Player's IE component by requiring timely patching or updates to eliminate the flaw.

prevent

Mitigates DNS spoofing attacks by enforcing secure DNS resolution with validation on caching resolvers, preventing redirection to malicious URLs.

prevent, detect

Deploys malicious code protection mechanisms to scan for and block exploit payloads, reverse shells, or arbitrary code execution triggered via the IE component.

MITRE ATT&CK Enterprise Techniques · AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The vulnerability is a remote code execution flaw in GOM Player's Internet Explorer component, exploited via malicious URL shortcut and WebDAV for arbitrary code execution with user interaction, directly enabling Exploitation for Client Execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

Deeper analysis · AI

CVE-2023-53875 is a remote code execution vulnerability in GOM Player version 2.3.90.5360, specifically within its Internet Explorer component. The flaw enables attackers to execute arbitrary code through DNS spoofing. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is mapped to CWE-319.

Remote attackers without privileges can exploit the vulnerability by redirecting victims to a malicious URL shortcut combined with a WebDAV technique. This interaction triggers a reverse shell execution involving SMB server communication, with high impact on the confidentiality, integrity, and availability of the victim's system, provided the user interacts with the crafted content.

References include a proof-of-concept exploit at https://www.exploit-db.com/exploits/51719, the vendor site at https://www.gomlab.com/, and a VulnCheck advisory at https://www.vulncheck.com/advisories/gom-player-remote-code-execution-via-insecure-ie-component, though specific patch or mitigation guidance is not detailed in the available information.

Details

CWE(s)

Affected Products

gomlab · gom player · 2.3.90.5360

CVEs Like This One

CVE-2026-30795 · Shared CWE-319
CVE-2026-30796 · Shared CWE-319
CVE-2025-58107 · Shared CWE-319
CVE-2024-13872 · Shared CWE-319
CVE-2024-26155 · Shared CWE-319
CVE-2025-64769 · Shared CWE-319
CVE-2025-0556 · Shared CWE-319
CVE-2024-36558 · Shared CWE-319
CVE-2025-69272 · Shared CWE-319
CVE-2024-44276 · Shared CWE-319

References