Cyber Resilience

CVE-2025-13595

Critical

Published: 25 November 2025

Modified: 15 April 2026
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0062 (70.5th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-13595 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in WordPress (the affected product is inferred from the references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 29.5% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

This vulnerability is flagged as AI-related, categorised under Other Platforms in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-13595 is a critical vulnerability in the CIBELES AI plugin for WordPress, affecting all versions up to and including 1.10.8. It arises from a missing capability check in the 'actualizador_git.php' file, which allows arbitrary file uploads. This flaw enables attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, with potential for remote code execution.

Unauthenticated attackers can exploit the vulnerability remotely, with low attack complexity, no privileges and no user interaction required. Because the file lacks access controls, an attacker can trigger a GitHub repository pull that writes attacker-controlled content onto the server, overwriting plugin files and compromising confidentiality, integrity, and availability. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Advisories recommend updating the plugin; the fix is reflected in WordPress Trac changeset 3402311 for CIBELES AI. The plugin's source code for 'actualizador_git.php' is viewable at https://plugins.trac.wordpress.org/browser/cibeles-ai/trunk/actualizador_git.php#L1. Further resources include a proof-of-concept at https://github.com/d0n601/CVE-2025-13595, an analysis at https://ryankozak.com/posts/cve-2025-13595/, and Wordfence threat intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e89a1c-7606-4391-a389-fa18d0967046?source=cve.

Vulnerability details

The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type
AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

Unauthenticated arbitrary file upload via GitHub repository download enables exploitation of public-facing web applications (T1190), ingress of tools/malware by overwriting server files (T1105), and deployment of web shells through malicious plugin file replacement (T1505.003).

CVEs Like This One

CVE-2024-13714 (shared CWE-434)
CVE-2025-6207 (shared CWE-434)
CVE-2024-50620 (shared CWE-434)
CVE-2025-12171 (shared CWE-434)
CVE-2025-26325 (shared CWE-434)
CVE-2025-6079 (shared CWE-434)
CVE-2024-13448 (shared CWE-434)
CVE-2016-15043 (shared CWE-434)
CVE-2025-51056 (shared CWE-434)
CVE-2025-66256 (shared CWE-434)

Affected Assets

WordPress (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent, AC-3 (Access Enforcement): Enforces approved authorizations for access to the 'actualizador_git.php' functionality, directly addressing the missing capability check that allows unauthenticated file uploads.

Prevent, SI-10 (Information Input Validation): Validates inputs to the GitHub repository pull mechanism in 'actualizador_git.php', preventing unrestricted uploads of dangerous files that lead to overwrites and RCE.

Prevent, timely patching: Requires timely remediation of the known flaw in CIBELES AI plugin versions up to and including 1.10.8 via patching, as specified in advisories and WordPress Trac changeset 3402311.
