CVE-2023-28725

Name: CVE-2023-28725
Creator: NVD / NIST
Published: 2023-03-22T00:15:12.907+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 20.61%

Last modified Jun 17, 2026

CVE-2023-28725 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.. EPSS estimates a 20.61% chance of exploitation in the next 30 days.

Description

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

20.61%

97.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Generalbytes	Crypto Application Server	20230120

References

https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/Press/Media Coverage
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023Exploit, Vendor Advisory
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CASMitigation
https://twitter.com/generalbytes/status/1637192687160897537Issue Tracking
https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-millionThird Party Advisory
https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/Press/Media Coverage
https://www.generalbytes.com/en/support/changelogRelease Notes
https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/Press/Media Coverage
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023Exploit, Vendor Advisory
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CASMitigation
https://twitter.com/generalbytes/status/1637192687160897537Issue Tracking
https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-millionThird Party Advisory
https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/Press/Media Coverage
https://www.generalbytes.com/en/support/changelogRelease Notes

Timeline

Published: Mar 22, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-28725?

How severe is CVE-2023-28725?

CVE-2023-28725 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 20.61% probability of exploitation in the next 30 days.

How do I fix CVE-2023-28725?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-28725?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST