1. About the Vulnerability

| Field | Value |
|---|---|
| Vulnerability Name | WordPress Bricks Builder Remote Code Execution Vulnerability (CVE-2024-25600) |
| Release Date | February 26, 2024 |
| Component Name | Bricks Builder |
| Affected Versions | Bricks Builder ≤ 1.9.6 |
| Vulnerability Type | Remote Code Execution Vulnerability |
| Severity | CVSS v3 Base Score: 9.8 (Critical) |
2. About CVE-2024-25600
2.1 About the Component
Bricks Builder is a visual site-builder theme for WordPress developed by Bricks. It provides a drag-and-drop interface for designing and building WordPress websites, and it renders page elements server-side from the settings stored for each element.
2.2 About the Vulnerability
On February 26, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2024-25600) in Bricks Builder, classified as critical (CVSS Score 9.8).
The vulnerability stems from an unsafe call to PHP's eval() in Bricks Builder: the theme evaluates a value taken from element settings as PHP code, and those settings can be supplied by an unauthenticated attacker through the theme's element-rendering REST endpoint, which is protected only by a nonce that the theme exposes in the source of public pages (see the snicco disclosure under References). An attacker who sends a crafted request therefore executes arbitrary PHP on the web server without any credentials and can take over the host.
3. Affected Versions
Bricks Builder ≤ 1.9.6
4. Solutions
4.1 Remediation Solutions
4.1.1 Official Solution
Bricks has released Bricks Builder 1.9.6.1, which fixes this vulnerability; affected users are strongly recommended to update to 1.9.6.1 or later. Because the flaw is exploitable without authentication, a site that ran an affected release while reachable from the internet should also be checked for signs of compromise (unexpected files under wp-content, unknown administrator accounts, modified theme or plugin files) rather than only updated. For more information, visit https://bricksbuilder.io/
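One way to find installs that are still on an affected release, as an added example that is not code from Sangfor or from Bricks: the script below reads the standard Version: field that WordPress itself parses from the comment header of wp-content/themes/bricks/style.css and compares it numerically against the first fixed release. The FIXED_VERSION constant (1.9.6.1), the path layout and the sample headers are this example's own assumptions; the numeric comparison matters because a plain string comparison would rank 1.9.10 below 1.9.6.

```python
"""Audit Bricks Builder installs for CVE-2024-25600 (affected: <= 1.9.6).

Added example; not code from Sangfor or from Bricks. It reads the theme
header of wp-content/themes/bricks/style.css the way WordPress does (a
'Version:' field in the leading comment block) and compares the version
numerically with the first fixed release. FIXED_VERSION and the sample
headers are this example's own assumptions.
"""
from __future__ import annotations

import re
import sys
from pathlib import Path

# First release that fixes CVE-2024-25600 (assumption of this example).
FIXED_VERSION = "1.9.6.1"

# WordPress reads header fields from the comment block at the top of style.css;
# the leading character class tolerates ' * ' and '#' comment decoration.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text: str) -> tuple[int, ...]:
    """'1.9.6.1' -> (1, 9, 6, 1). Numeric tuples compare correctly where strings
    do not: '1.9.10' < '1.9.6' as strings, but (1, 9, 10) > (1, 9, 6)."""
    parts: list[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break  # stop at a non-numeric piece such as 'beta'
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def theme_version(style_css: str) -> str | None:
    """Return the Version: field of a theme header, or None if absent."""
    m = VERSION_RE.search(style_css)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True for every release before FIXED_VERSION (1.9.6 and older)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def audit_header(style_css: str) -> str:
    """Classify one style.css body as 'affected', 'fixed' or 'unknown'."""
    version = theme_version(style_css)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "fixed"


def audit_wordpress_root(root: Path) -> dict[str, str]:
    """Audit the Bricks theme under a WordPress document root.

    Only the parent theme directory is checked: a child theme's style.css
    carries the child's own version, not the version of Bricks itself.
    """
    css = root / "wp-content" / "themes" / "bricks" / "style.css"
    if not css.is_file():
        return {"path": str(css), "status": "not installed"}
    body = css.read_text(encoding="utf-8", errors="replace")
    return {"path": str(css), "version": theme_version(body) or "?", "status": audit_header(body)}


# Constructed sample headers (not real files) for a stand-alone run.
SAMPLE_HEADERS = {
    "vulnerable": "/*\nTheme Name: Bricks\nTheme URI: https://bricksbuilder.io/\nVersion: 1.9.6\n*/\n",
    "fixed": "/*\nTheme Name: Bricks\nVersion: 1.9.6.1\n*/\n",
    "later": "/*\nTheme Name: Bricks\nVersion: 1.9.10\n*/\n",
    "missing": "/*\nTheme Name: Bricks\n*/\n",
}

if __name__ == "__main__":
    roots = [Path(p) for p in sys.argv[1:]]
    if roots:  # usage: python audit_bricks.py /var/www/site1 /var/www/site2
        for r in roots:
            print(audit_wordpress_root(r))
    else:  # no arguments: demonstrate on the constructed headers
        for name, body in SAMPLE_HEADERS.items():
            print(f"{name:10s} version={theme_version(body)!s:8s} status={audit_header(body)}")
```

Run it with one or more WordPress document roots as arguments to audit real installs; with no arguments it classifies the constructed sample headers. A result of "unknown" means the header could not be parsed and the install should be inspected by hand rather than assumed safe.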
4.2 Sangfor Solutions
4.2.1 Security Monitoring
The following Sangfor products and services perform real-time monitoring of assets affected by the WordPress Bricks Builder remote code execution vulnerability (CVE-2024-25600):
- Sangfor Cyber Command (Network Detection and Response)
- Sangfor Cyber Guardian (Managed Detection and Response)
4.2.2 Security Protection
The following Sangfor products and services provide protection against the WordPress Bricks Builder remote code execution vulnerability (CVE-2024-25600):
- Sangfor Network Secure (Next-Generation Firewall)
- Sangfor Cyber Guardian (Managed Detection and Response)
5. Timeline
On February 26, 2024, Sangfor FarSight Labs received notification of the WordPress Bricks Builder remote code execution vulnerability (CVE-2024-25600).
On February 26, 2024, Sangfor FarSight Labs released a vulnerability alert.
On February 28, 2024, Sangfor FarSight Labs released remediation solutions.
6. References
https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
7. About Sangfor FarSight Labs
Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.