CVE-2023-53875 HIGH

CVE-2023-53875: GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component

Vendor Gomlab
Product GOM Player
Weakness CWE-319 · Cleartext transmission
Published December 15, 2025
Last update April 7, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
April 7, 2026 Record updated