cvedb.io
CVE-2023-28725
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2023-03-22T00:15:12.907 · Last modified 2026-06-17T05:48:38.353

Summary

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

Affected products

generalbytes — crypto_application_server

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.