CVE-2024-25600 - Vulnerability Details - OpenCVE

Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Bricksbuilder	Bricks

No data.

No data.

References

Link	Providers
https://github.com/Chocapikk/CVE-2024-25600
https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT
https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve
https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve
https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6

History

Thu, 03 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bricksbuilder Bricksbuilder bricks
CPEs		cpe:2.3:a:bricksbuilder:bricks::::::wordpress::*
Vendors & Products		Bricksbuilder Bricksbuilder bricks
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-04T12:51:27.971Z

Updated: 2025-07-03T13:36:17.468Z

Reserved: 2024-02-08T13:14:19.665Z

Link: CVE-2024-25600

Vulnrichment

Updated: 2024-08-01T23:44:09.680Z

NVD

Status : Awaiting Analysis

Published: 2024-06-04T13:15:51.183

Modified: 2024-11-21T09:01:03.307

Link: CVE-2024-25600

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25600", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-02-08T13:14:19.665Z", "datePublished": "2024-06-04T12:51:27.971Z", "dateUpdated": "2025-07-03T13:36:17.468Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bricks Builder", "vendor": "Codeer Limited", "versions": [{"changes": [{"at": "1.9.6.1", "status": "unaffected"}], "lessThanOrEqual": "1.9.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Snicco (Patchstack Bug Bounty Program)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.<p>This issue affects Bricks Builder: from n/a through 1.9.6.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-07-03T13:36:17.468Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve"}, {"tags": ["exploit"], "url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT"}, {"tags": ["exploit"], "url": "https://github.com/Chocapikk/CVE-2024-25600"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.9.6.1 or a higher version."}], "value": "Update to 1.9.6.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_open-source", "x_known-exploited-vulnerability"], "title": "WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-04T15:53:11.913217Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*"], "vendor": "bricksbuilder", "product": "bricks", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.9.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:35:45.635Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.680Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve"}, {"tags": ["third-party-advisory", "technical-description", "x_transferred"], "url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6"}, {"tags": ["third-party-advisory", "technical-description", "x_transferred"], "url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve"}, {"tags": ["exploit", "x_transferred"], "url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT"}, {"tags": ["exploit", "x_transferred"], "url": "https://github.com/Chocapikk/CVE-2024-25600"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6", "tags": ["third-party-advisory", "technical-description", "x_transferred"]}, {"url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve", "tags": ["third-party-advisory", "technical-description", "x_transferred"]}, {"url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/Chocapikk/CVE-2024-25600", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.680Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-04T15:53:11.913217Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*"], "vendor": "bricksbuilder", "product": "bricks", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.9.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T15:55:40.455Z"}}], "cna": {"tags": ["x_open-source", "x_known-exploited-vulnerability"], "title": "WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Snicco (Patchstack Bug Bounty Program)"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Codeer Limited", "product": "Bricks Builder", "versions": [{"status": "affected", "changes": [{"at": "1.9.6.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.9.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 1.9.6.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 1.9.6.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}, {"url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT", "tags": ["exploit"]}, {"url": "https://github.com/Chocapikk/CVE-2024-25600", "tags": ["exploit"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.<p>This issue affects Bricks Builder: from n/a through 1.9.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-07-03T13:36:17.468Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25600", "state": "PUBLISHED", "dateUpdated": "2025-07-03T13:36:17.468Z", "dateReserved": "2024-02-08T13:14:19.665Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-04T12:51:27.971Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6."}, {"lang": "es", "value": "La vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Codeer Limited Bricks Builder permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Bricks Builder: desde n/a hasta 1.9.6."}], "id": "CVE-2024-25600", "lastModified": "2024-11-21T09:01:03.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-06-04T13:15:51.183", "references": [{"source": "audit@patchstack.com", "url": "https://github.com/Chocapikk/CVE-2024-25600"}, {"source": "audit@patchstack.com", "url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT"}, {"source": "audit@patchstack.com", "url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve"}, {"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve"}, {"source": "audit@patchstack.com", "url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Chocapikk/CVE-2024-25600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "audit@patchstack.com", "type": "Secondary"}]}