CVE-2025-0428
Published: 22 January 2025
Summary
CVE-2025-0428 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in the Aipower "AI Power: Complete AI Pack" WordPress plugin (vendor and product are both recorded as "Aipower"). Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked in the top 41.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a PHP Object Injection flaw in the "AI Power: Complete AI Pack" plugin for WordPress, affecting versions through 1.8.96. It stems from unsafe deserialization of untrusted input supplied via the $form['post_content'] variable inside the wpaicg_export_prompts function, which is tracked under CWE-502. The plugin itself contains no POP chain, so the issue is only exploitable to its full extent when another plugin or theme on the same site supplies one.
An attacker with administrative privileges can supply a crafted serialized object through the affected export function. Successful exploitation with a usable POP chain present elsewhere on the target could permit deletion of arbitrary files, disclosure of sensitive data, or arbitrary code execution; the CVSS 7.2 score reflects the high impact under these conditions.
The referenced WordPress plugin changeset documents the fix that was applied to the wpaicg_export_prompts code path, while the Wordfence advisory supplies additional technical detail for detection and remediation.
EPSS for the CVE rose from a low baseline to a peak of 0.0147 on 2025-12-11 before receding, indicating that exploitation interest increased several months after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1662
Vulnerability details
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- CWE(s): CWE-502 Deserialization of Untrusted Data
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
PHP Object Injection via deserialization facilitates retrieval of sensitive data from the local system (T1005), arbitrary code execution via PHP interpreter (T1059), and arbitrary file deletion (T1070.004) when chained with a POP chain from other plugins/themes.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): timely patching of the PHP Object Injection flaw in AI Power plugin versions up to and including 1.8.96, which removes the vulnerability itself as the advisories recommend.
- SI-10 (Information Input Validation): validation of untrusted inputs such as $form['post_content'] before any deserialization, so that malicious PHP objects are never instantiated.
- Vulnerability scanning to identify CVE-2025-0428 in the plugin and to find potential POP chains in other installed plugins and themes, so that both the flaw and the gadget sources can be remediated.
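As an added illustration of the SI-10 control above (this is not the plugin's own code and not the fix recorded in the referenced changeset), the PHP below contrasts a bare unserialize() on request data with two handling patterns that stop object injection at the input boundary: keeping the serialized format but refusing to instantiate any class, and switching to JSON, which cannot express PHP objects at all. The function names wpaicg_safe_decode_prompts and wpaicg_decode_prompts_json, the local sanitize_textarea_field stand-in, and the sample payloads are assumptions made for the example.

```php
<?php
// Added example (not the AI Power plugin's code). Demonstrates how an
// untrusted export/import payload such as $form['post_content'] can be
// handled without handing an attacker-controlled string to a bare
// unserialize(). All function names below are illustrative assumptions.

/**
 * Weak pattern: bare unserialize() on request data. Any class on the site
 * (from any plugin or theme) with a magic method such as __wakeup or
 * __destruct becomes reachable, which is what makes a POP chain usable.
 * Shown only to contrast with the hardened versions.
 */
function weak_decode_prompts(string $untrusted): mixed
{
    return unserialize($untrusted);
}

/**
 * Hardened pattern 1: keep the serialized format for compatibility with
 * existing exports, but pass allowed_classes => false so that no class is
 * ever instantiated. Every object in the payload is materialised as
 * __PHP_Incomplete_Class, so no __wakeup/__destruct gadget runs. The
 * caller then validates the shape it actually expects (a list of strings).
 */
function wpaicg_safe_decode_prompts(string $untrusted): array
{
    // Size cap before parsing; a prompt export is small. (Assumed limit.)
    if (strlen($untrusted) > 1024 * 1024) {
        throw new InvalidArgumentException('payload too large');
    }

    $data = unserialize($untrusted, ['allowed_classes' => false]);

    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a serialized array');
    }

    $prompts = [];
    foreach ($data as $item) {
        // Anything that is not a plain string, including an
        // __PHP_Incomplete_Class object, is rejected rather than skipped.
        if (!is_string($item)) {
            throw new InvalidArgumentException('non-string entry rejected');
        }
        $prompts[] = sanitize_textarea_field($item);
    }
    return $prompts;
}

/**
 * Hardened pattern 2 (preferred for new code): use JSON. json_decode with
 * $associative = true yields only scalars and arrays, never PHP objects,
 * so there is nothing for a gadget chain to attach to.
 */
function wpaicg_decode_prompts_json(string $untrusted): array
{
    $data = json_decode($untrusted, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || array_filter($data, fn($v) => !is_string($v))) {
        throw new InvalidArgumentException('expected a JSON array of strings');
    }
    return array_map('sanitize_textarea_field', $data);
}

// Stand-in for the WordPress helper so the file runs outside WordPress.
if (!function_exists('sanitize_textarea_field')) {
    function sanitize_textarea_field(string $s): string
    {
        return trim(strip_tags($s));
    }
}

// Constructed sample inputs (not real plugin data).
$benign     = serialize(['Summarise this post', 'Write a title']);
$withObject = serialize([new stdClass()]);   // carries an object of any class
$jsonExport = json_encode(['Summarise this post', 'Write a title']);

print_r(wpaicg_safe_decode_prompts($benign));
try {
    wpaicg_safe_decode_prompts($withObject);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
print_r(wpaicg_decode_prompts_json($jsonExport));
```

The first hardened function is the minimal change for code that must keep reading old serialized exports; the JSON variant is the better long-term choice because it removes deserialization of PHP objects from the code path entirely, which also makes a later-installed plugin or theme that happens to supply a POP chain irrelevant to this input.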