Cyber Posture

CVE-2023-53945

High · Public PoC · RCE

Published: 19 December 2025
Modified: 31 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (61.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53945 is a high-severity OS Command Injection (CWE-78) vulnerability in BrainyCP. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 38.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 4 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly mitigates the improper input validation flaw in the crontab interface that enables authenticated OS command injection.

Prevent: Requires identification, reporting, and correction of the specific flaw allowing arbitrary command injection via the crontab endpoint.

Prevent: Enforces least privilege to restrict low-privilege authenticated users from executing arbitrary commands, limiting RCE impact.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1053.003 Cron (Execution)
Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The authenticated OS command injection vulnerability in the remote web-based crontab interface of BrainyCP enables exploitation of public-facing applications and remote services (T1190/T1210), Unix shell execution (T1059.004), cron job abuse (T1053.003), and privilege escalation from low-privilege credentials to full compromise (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.

Deeper analysis · AI

CVE-2023-53945 is an authenticated remote code execution vulnerability in BrainyCP version 1.0, stemming from improper input validation in the crontab configuration interface. This flaw, classified under CWE-78 (OS Command Injection), enables logged-in users to inject arbitrary commands via the crontab endpoint. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity due to network accessibility and significant impact potential.

An attacker with valid low-privilege credentials can exploit this remotely by submitting a malicious command through the crontab interface, such as one that spawns a reverse shell to an attacker-controlled IP and port. No user interaction is required beyond authentication, and the low attack complexity makes it accessible to attackers who have obtained credentials, potentially leading to full server compromise including data exfiltration, persistence, or further lateral movement.

References include the vendor site at https://brainycp.io, a proof-of-concept exploit at https://www.exploit-db.com/exploits/51357, and a VulnCheck advisory at https://www.vulncheck.com/advisories/brainycp-remote-code-execution-via-authenticated-crontab-manipulation detailing the authenticated crontab manipulation vector. A public exploit on Exploit-DB indicates active interest from the security research community.

Details

CWE(s)

Affected Products

Vendor: brainycp
Product: brainycp
Version: 1.0

CVEs Like This One

CVE-2026-2042 (Shared CWE-78)
CVE-2026-0785 (Shared CWE-78)
CVE-2025-56083 (Shared CWE-78)
CVE-2025-66211 (Shared CWE-78)
CVE-2025-56102 (Shared CWE-78)
CVE-2026-0652 (Shared CWE-78)
CVE-2026-31019 (Shared CWE-78)
CVE-2026-26943 (Shared CWE-78)
CVE-2026-28269 (Shared CWE-78)
CVE-2025-45378 (Shared CWE-78)

References