CVE-2025-11521
Published: 11 November 2025
Summary
CVE-2025-11521 is a high-severity Improper Authorization (CWE-285) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-11521 is an arbitrary file upload vulnerability in the Astra Security Suite – Firewall & Malware Scan plugin for WordPress, affecting all versions up to and including 0.2. The flaw arises from insufficient validation of remote URLs used for zip downloads combined with an easily guessable key, enabling attackers to place arbitrary files on the server. Published on 2025-11-11, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-285 (Improper Authorization).
Unauthenticated attackers can exploit this vulnerability remotely with high attack complexity but no privileges or user interaction needed. By leveraging the weak validation and guessable key, they can upload arbitrary files to the WordPress site's server, which may result in remote code execution depending on the file type and server configuration.
Mitigation details and patch information are available in advisories such as the Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/f99a6b5c-e95d-49d0-a4b2-1d7188447da1?source=cve and the plugin page at https://wordpress.org/plugins/getastra/. Security practitioners should review these sources for updates and remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-60923
Vulnerability details
The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including,…
more
0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables unauthenticated arbitrary file uploads through a public-facing WordPress plugin, directly facilitating T1190: Exploit Public-Facing Application, potentially leading to RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the insufficient validation of remote URLs for zip downloads that enables arbitrary file uploads.
Requires timely identification, reporting, and remediation of the plugin flaw to eliminate the vulnerability.
Deploys malicious code protection at entry points to detect and block arbitrary malicious files uploaded via the vulnerability.