Cyber Posture

CVE-2023-53945

High · Public PoC

Published: 19 December 2025
Modified: 31 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (67.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the improper input validation flaw in the crontab interface that enables authenticated OS command injection.

Prevent: Requires identification, reporting, and correction of the specific flaw allowing arbitrary command injection via the crontab endpoint.

Prevent: Enforces least privilege to restrict low-privilege authenticated users from executing arbitrary commands, limiting RCE impact.

Security Summary (AI)

CVE-2023-53945 is an authenticated remote code execution vulnerability in BrainyCP version 1.0, stemming from improper input validation in the crontab configuration interface. This flaw, classified under CWE-78 (OS Command Injection), enables logged-in users to inject arbitrary commands via the crontab endpoint. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity due to network accessibility and significant impact potential.

An attacker with valid low-privilege credentials can exploit this remotely by submitting a malicious command through the crontab interface, such as one that spawns a reverse shell to an attacker-controlled IP and port. No user interaction is required beyond authentication, and the low attack complexity makes it accessible to attackers who have obtained credentials, potentially leading to full server compromise including data exfiltration, persistence, or further lateral movement.

References include the vendor site at https://brainycp.io, a proof-of-concept exploit at https://www.exploit-db.com/exploits/51357, and a VulnCheck advisory at https://www.vulncheck.com/advisories/brainycp-remote-code-execution-via-authenticated-crontab-manipulation detailing the authenticated crontab manipulation vector. A public exploit on Exploit-DB indicates active interest from the security research community.

Details

CWE(s)

Affected Products

brainycp
brainycp
1.0

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
T1053.003 Cron (Execution)
Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.
T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Authenticated OS command injection vulnerability in the remote web-based crontab interface of BrainyCP enables exploitation of public-facing applications/remote services (T1190/T1210), Unix shell execution (T1059.004), cron job abuse (T1053.003), and privilege escalation from low-priv credentials to full compromise (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
