CVE-2023-53895
Published: 16 December 2025
Summary
CVE-2023-53895 is a critical-severity Improper Authorization (CWE-285) vulnerability in Potsky Pimp My Log. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 33.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations on the configuration endpoint to prevent unauthorized admin account creation.
- AC-2 (Account Management): requires management processes that prohibit unauthorized creation of admin accounts, including backdoor accounts.
- SI-10 (Information Input Validation): validates input to the username field to block malicious JavaScript injection during account creation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
- T1190 (Exploit Public-Facing Application): the vulnerability is an improper access control flaw in a public-facing web application's configuration endpoint that allows unauthenticated remote attackers to create admin accounts, which directly enables this technique.
NVD Description
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
Deeper analysis
CVE-2023-53895 is an improper access control vulnerability (CWE-285) in PimpMyLog version 1.7.14. The flaw resides in the configuration endpoint, which permits remote attackers to create admin accounts without any authorization. Additionally, the unsanitized username field allows injection of malicious JavaScript, enabling further compromise.
Remote attackers need only network access to exploit this vulnerability; no privileges, user interaction, or special conditions are required (CVSS v3.1 score of 9.8: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation lets attackers create hidden backdoor admin accounts via JavaScript injection, potentially granting access to sensitive server-side log information and environmental variables.
Advisories and resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/pimpmylog-improper-access-control-via-account-creation-endpoint, the project site at https://www.pimpmylog.com/, and the GitHub repository at https://github.com/potsky/PimpMyLog, provide details on mitigation. A public proof-of-concept exploit is documented at https://www.exploit-db.com/exploits/51593.
Details
- CWE(s)