PatchSiren

CVE-2023-6675 National Keep Cyber Security Services CVE debrief

CVE-2023-6675 is a critical unrestricted file upload vulnerability in National Keep CyberMath. The issue affects CyberMath versions from v1.4 up to, but not including, v1.5 and can allow an attacker to upload a dangerous file type, including a web shell, to the web server. Based on the supplied CVSS data, this is a network-reachable, no-authentication, no-user-interaction issue with high impact to confidentiality, integrity, and availability.

Vendor: National Keep Cyber Security Services
Product: CyberMath
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-02
Original CVE updated: 2026-05-20
Advisory published: 2024-02-02
Advisory updated: 2026-05-20

Who should care

Organizations running CyberMath v1.4 or any version in the affected range should treat this as urgent. Security teams, web application owners, server administrators, and incident response teams should prioritize exposure review, patching, and detection of suspicious uploads or web content changes.

Technical summary

NVD and the supplied advisory data describe an "Unrestricted Upload of File with Dangerous Type" issue, mapped to CWE-434. The vulnerable CPE entry identifies nationalkeep:cybermath:1.4 as affected. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a remotely reachable flaw that does not require privileges or user interaction and can have severe impact if abused to place executable content on the web server.

Defensive priority

Immediate. If CyberMath is exposed or used in production, move to a fixed release as soon as possible and assume high risk until verified remediated.

Recommended defensive actions

  • Upgrade CyberMath from v1.4 to v1.5 or later, which is outside the affected range in the supplied advisory data.
  • Inventory all internet-facing and internal CyberMath instances to confirm whether v1.4 is deployed.
  • Review upload handling and ensure only expected, non-executable file types are accepted; remove any unnecessary upload functionality.
  • Inspect web roots and application directories for unexpected scripts, web shells, or recently modified files.
  • Review web and application logs for suspicious upload attempts and unusual execution activity.
  • If compromise is suspected, isolate the system, preserve evidence, and rotate credentials associated with the affected server and application.
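
One way to carry out the upload-directory inspection from the list above, as an added example that is not code from the vendor or the advisory. The allowlist, the set of server-executable extensions, the content markers and the sample files are all assumptions, since the page does not state CyberMath's upload path, server stack or accepted file types.

```python
import tempfile
from pathlib import Path

# Assumed values: adjust to the file types and server stack actually deployed.
ALLOWED_EXTS = {".png", ".jpg", ".jpeg", ".pdf"}
SCRIPT_EXTS = {".php", ".phtml", ".asp", ".aspx", ".ashx", ".jsp", ".jspx", ".cgi"}
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script runat")

def audit_upload_dir(root, since_epoch=0.0):
    """Return {relative_path: [reasons]} for files that need manual review."""
    findings = {}
    root = Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = []
        suffixes = [s.lower() for s in path.suffixes]
        # The final extension must be on the allowlist.
        if not suffixes or suffixes[-1] not in ALLOWED_EXTS:
            reasons.append("extension not in allowlist")
        # Catches double extensions such as name.php.jpg as well.
        if any(s in SCRIPT_EXTS for s in suffixes):
            reasons.append("server-executable extension in name")
        # Content check: an allowed extension does not prove the content is benign.
        with path.open("rb") as fh:
            head = fh.read(4096).lower()
        if any(marker in head for marker in SCRIPT_MARKERS):
            reasons.append("script marker in content")
        # Optional window, e.g. everything changed since v1.4 was deployed.
        if since_epoch and path.stat().st_mtime >= since_epoch:
            reasons.append("modified inside review window")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Audit a constructed upload tree (sample files are placeholders)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "img").mkdir()
        (root / "img" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (root / "img" / "avatar.php.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")
        (root / "notes.jpg").write_bytes(b"<?php /* constructed placeholder */ ?>")
        (root / "report.aspx").write_bytes(b"constructed placeholder")
        return audit_upload_dir(root)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Findings are leads for review, not verdicts: the content markers can match benign files, and a clean result does not rule out compromise through other paths.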

Evidence notes

The supplied NVD data marks CVE-2023-6675 as modified and includes a vulnerable CPE criterion for cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*. The description states the issue is an unrestricted upload of a dangerous file type allowing web shell upload. A linked USOM advisory and related reference reinforce the same product and issue context. The CVSS vector in the supplied data is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, supporting a high-severity defensive response.

Official resources

CVE published on 2024-02-02 and later modified on 2026-05-20. The supplied source references and advisory links are aligned to that timeline; no exploit details are included here.