Cyber Resilience

CVE-2025-0428

High · RCE

Published: 22 January 2025
Modified: 24 January 2025
KEV Added: not listed
Patch: fix documented in the referenced WordPress plugin changeset
CVSS v3.1 score: 7.2 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0036 (58.4th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0428 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Aipower Aipower (the "AI Power: Complete AI Pack" WordPress plugin). Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 41.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related: its AI category is LLM Application Platforms and its risk domain is Supply Chain and Deployment.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a PHP Object Injection flaw in the "AI Power: Complete AI Pack" plugin for WordPress, affecting versions through 1.8.96. It stems from unsafe deserialization of untrusted input supplied via the $form['post_content'] variable inside the wpaicg_export_prompts function, which is tracked under CWE-502. The plugin itself contains no POP chain, so the issue is only exploitable to its full extent when another plugin or theme on the same site supplies one.

An attacker with administrative privileges can supply a crafted serialized object through the affected export function. Successful exploitation with a usable POP chain present elsewhere on the target could permit deletion of arbitrary files, disclosure of sensitive data, or arbitrary code execution; the CVSS 7.2 score reflects the high impact under these conditions.

The referenced WordPress plugin changeset documents the fix that was applied to the wpaicg_export_prompts code path, while the Wordfence advisory supplies additional technical detail for detection and remediation.

EPSS for the CVE rose from a low baseline to a peak of 0.0147 on 2025-12-11 before receding, indicating that exploitation interest increased several months after public disclosure.

EU & UK References

Vulnerability details

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CWE(s)

CWE-502 Deserialization of Untrusted Data

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1070.004 File Deletion (Stealth)
Adversaries may delete files left behind by the actions of their intrusion activity.
Why these techniques?

PHP Object Injection via deserialization enables retrieval of sensitive data from the local system (T1005), arbitrary code execution through the PHP interpreter (T1059), and arbitrary file deletion (T1070.004) when chained with a POP chain supplied by another plugin or theme.

CVEs Like This One

CVE-2025-0429 (same product: Aipower Aipower)
CVE-2024-13361 (same product: Aipower Aipower)
CVE-2026-33725 (shared CWE-502)
CVE-2024-12029 (shared CWE-502)
CVE-2026-29782 (shared CWE-502)
CVE-2026-42778 (shared CWE-502)
CVE-2025-68047 (shared CWE-502)
CVE-2026-22345 (shared CWE-502)
CVE-2024-28988 (shared CWE-502)
CVE-2026-47161 (shared CWE-502)

Affected Assets

Vendor: aipower
Product: aipower
Versions: ≤ 1.8.97

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 (Flaw Remediation)

Requires timely patching and remediation of the PHP Object Injection flaw in AI Power WordPress plugin versions up to 1.8.96, directly eliminating the vulnerability as the advisories direct.

prevent · SI-10 (Information Input Validation)

Mandates validation of untrusted inputs such as $form['post_content'] prior to deserialization, preventing injection of malicious PHP objects.

detect

Enables vulnerability scanning to identify CVE-2025-0428 in the plugin and potential POP chains in other components, facilitating remediation.
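The following is an added example, not code from the AI Power plugin or from the advisories, written to make the CWE-502 pattern described under "Deeper analysis" and the SI-10 input-validation control concrete. It sketches the vulnerable shape (a request field handed straight to unserialize()) beside two hardened replacements. The function names, the $form array layout and the sample inputs are constructed for the illustration; only the field name $form['post_content'] comes from the advisory text.

```php
<?php
// Added example, not the plugin's code. Function names and inputs are hypothetical.
declare(strict_types=1);

/**
 * VULNERABLE sketch of the CWE-502 shape: whatever arrives in post_content is
 * handed to unserialize(). Any "O:" token in the string instantiates a class,
 * and if some class on the site has useful __wakeup()/__destruct() logic (a
 * POP chain from another plugin or theme) it runs with caller-chosen properties.
 */
function export_prompts_vulnerable_sketch(array $form)
{
    return unserialize($form['post_content']);
}

/**
 * HARDENED (preferred): do not use PHP native serialization across a trust
 * boundary at all. JSON cannot express PHP objects, so json_decode() with
 * $associative = true can only ever yield scalars and arrays.
 */
function export_prompts_json(array $form): array
{
    $raw  = (string) ($form['post_content'] ?? '');
    $data = json_decode($raw, true, 64, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('post_content must decode to an array');
    }
    return $data;
}

/**
 * HARDENED (legacy-compatible): if the serialized format has to be kept,
 * forbid class instantiation. With allowed_classes => false every object
 * token becomes __PHP_Incomplete_Class, so no magic method of any site class
 * runs; the result is then rejected if an object placeholder remains anywhere.
 */
function export_prompts_serialized_safe(array $form): array
{
    $raw = (string) ($form['post_content'] ?? '');

    // Early reject: object tokens (O:len:"Class" / C:len:"Class") have no
    // legitimate place in this field. May false-positive on string values
    // that happen to contain the pattern, which is acceptable for a deny rule.
    if (preg_match('/(^|[;{])[OC]:\d+:"/', $raw)) {
        throw new InvalidArgumentException('serialized objects are not permitted');
    }

    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('post_content must be a serialized array');
    }

    // Belt and braces: array_walk_recursive descends arrays only, so any
    // object placeholder surfaces here as a leaf value.
    array_walk_recursive($data, static function ($value): void {
        if (is_object($value)) {
            throw new InvalidArgumentException('object placeholder found in post_content');
        }
    });
    return $data;
}

// Constructed inputs for a local run; no real plugin data is involved.
$benign        = ['post_content' => serialize(['name' => 'demo prompt', 'text' => 'Hello'])];
$objectPayload = ['post_content' => 'O:8:"stdClass":1:{s:1:"x";i:1;}'];

var_dump(export_prompts_serialized_safe($benign)['name']);
try {
    export_prompts_serialized_safe($objectPayload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The JSON variant is the one to migrate to where the data format is under the site's control; the allowed_classes => false variant is the minimal change when existing exports in the serialized format must keep working. Neither variant replaces the SI-2 control: the plugin still needs to be updated past 1.8.96, and the scan for POP chains in other installed plugins and themes remains relevant because those classes are what turn a bare object injection into file deletion or code execution.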

References