CVE-2025-13595
Published: 25 November 2025
Summary
CVE-2025-13595 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in the CIBELES AI plugin for WordPress (product inferred from references). Its CVSS v3.1 base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105); ranked in the top 29.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is tagged AI-related (category Other Platforms; risk domain Supply Chain and Deployment). As the classification reason below shows, the tag comes from a keyword match on "ai" in the plugin's name, not from anything AI-specific in the flaw itself.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-13595 is a critical vulnerability in the CIBELES AI plugin for WordPress, affecting all versions up to and including 1.10.8. The plugin's 'actualizador_git.php' file implements a GitHub-based updater but performs no capability check, so nothing ties the request to a privileged user. An attacker can point it at an arbitrary GitHub repository and have the contents written over the plugin's own files on the server. Because PHP files under the plugin directory are directly executable on a default install, this amounts to an arbitrary file upload (CWE-434) with a straightforward path to remote code execution.
The attack needs no authentication, no user interaction and no special conditions: the attacker publishes the malicious files in a repository they control and triggers the pull remotely. The resulting overwrite compromises confidentiality, integrity and availability of the site, which is reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and the CWE-434 (Unrestricted Upload of File with Dangerous Type) mapping.
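To make the flaw concrete, here is an added, illustrative reconstruction of the pattern described above beside a hardened form. It is not the plugin's actual code (the real file is viewable in the Trac link below); the function names, the 'repo' request parameter, the allow-list contents and the admin-post action name are assumptions made for the demonstration. The hardened handler is the developer-side shape of the AC-3 and SI-10 controls listed under Mitigating Controls: a capability check, a CSRF nonce, an allow-list on the repository that may be pulled, and extraction into a scratch directory rather than over live plugin files.

```php
<?php
// Added example: illustrative reconstruction of the vulnerable pattern and a
// hardened form. This is NOT the CIBELES AI plugin's code. The handler names,
// the 'repo' parameter, the allow-list and the action name are assumptions.

// --- Vulnerable pattern (do not use) ---------------------------------------
// Reachable by anyone who can request the file: no authentication, no
// capability check, no nonce, and the repository to fetch comes straight from
// the request. Extracting it over the plugin directory lets the attacker
// replace any plugin file with content from a repository they control, so
// arbitrary PHP ends up on disk in a web-served location.
function cibeles_demo_vulnerable_update() {
    $repo = $_GET['repo'];                                   // attacker-controlled
    $zip  = download_url( "https://github.com/{$repo}/archive/refs/heads/main.zip" );
    unzip_file( $zip, WP_PLUGIN_DIR . '/cibeles-ai/' );      // overwrites live code
}

// --- Hardened form ----------------------------------------------------------
// 1. Runs only through the admin-post hook for logged-in users (no *_nopriv).
// 2. Capability check: only users allowed to update plugins (AC-3).
// 3. Nonce check against cross-site request forgery.
// 4. Input validation: the repository must be on a fixed allow-list (SI-10).
// 5. Extraction into a scratch directory, never directly over the plugin.
const CIBELES_DEMO_ALLOWED_REPOS = array( 'example-vendor/cibeles-ai' ); // assumed value

function cibeles_demo_hardened_update() {
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    check_admin_referer( 'cibeles_demo_update' );            // dies on bad/missing nonce

    $repo = isset( $_POST['repo'] ) ? sanitize_text_field( wp_unslash( $_POST['repo'] ) ) : '';
    if ( ! in_array( $repo, CIBELES_DEMO_ALLOWED_REPOS, true ) ) {
        wp_die( 'Repository not permitted.', 400 );
    }

    if ( ! WP_Filesystem() ) {
        wp_die( 'Filesystem access unavailable.', 500 );
    }
    $zip = download_url( "https://github.com/{$repo}/archive/refs/heads/main.zip" );
    if ( is_wp_error( $zip ) ) {
        wp_die( esc_html( $zip->get_error_message() ), 502 );
    }

    // Unpack into a scratch directory first so a bad archive cannot touch live code.
    $scratch = trailingslashit( get_temp_dir() ) . 'cibeles-demo-' . wp_generate_password( 12, false );
    $result  = unzip_file( $zip, $scratch );
    unlink( $zip );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ), 500 );
    }
    // Verify the unpacked contents (expected file list, checksum) here before
    // moving anything into WP_PLUGIN_DIR; that step is site-specific and omitted.
    wp_safe_redirect( admin_url( 'plugins.php?cibeles_demo_updated=1' ) );
    exit;
}
add_action( 'admin_post_cibeles_demo_update', 'cibeles_demo_hardened_update' );
```

Two design points matter more than the rest. Registering the handler only on `admin_post_{action}` (and not `admin_post_nopriv_{action}`) means WordPress itself refuses anonymous requests before the function runs, so the capability check is a second layer rather than the only one. The allow-list is deliberately a fixed constant: validating the shape of a repository name would still let an attacker name their own repository, which is exactly the attack this CVE describes.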
The fix is to update the plugin to a version later than 1.10.8; the patch is reflected in the WordPress.org plugin Trac changeset 3402311 for CIBELES AI. The plugin's source for 'actualizador_git.php' is viewable at https://plugins.trac.wordpress.org/browser/cibeles-ai/trunk/actualizador_git.php#L1. Further resources: a proof-of-concept at https://github.com/d0n601/CVE-2025-13595, an analysis write-up at https://ryankozak.com/posts/cve-2025-13595/, and the Wordfence threat intelligence entry at https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e89a1c-7606-4391-a389-fa18d0967046?source=cve.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199661
Vulnerability details
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1105 Ingress Tool Transfer
- T1505.003 Server Software Component: Web Shell
Why these techniques?
Unauthenticated arbitrary file write via GitHub repository download is exploitation of a public-facing web application (T1190); the pulled repository is attacker-chosen content transferred onto the server (T1105); and replacing the plugin's PHP files with attacker-controlled ones is, in effect, deploying a web shell (T1505.003).
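As an added triage example (not from the advisory or the plugin), the following plain PHP script does two things a responder on a site running CIBELES AI would want: decide from the installed version whether the site falls in the affected range (up to and including 1.10.8), and pull every request that reached actualizador_git.php out of a web server access log, since on an unpatched site any such request from an unauthenticated client is a T1190 attempt worth examining. The log lines are constructed combined-format entries; the 'repo' query parameter in the third line is an assumed name, not the plugin's real parameter.

```php
<?php
// Added example (not from the advisory or the plugin): triage helpers for a
// site running CIBELES AI. The log lines below are constructed; the 'repo'
// query parameter is an assumed name, not the plugin's real parameter.

// Affected range from the advisory: all versions up to and including 1.10.8.
// version_compare() handles multi-digit components correctly; a plain string
// comparison would wrongly treat "1.9.0" as newer than "1.10.8".
function cibeles_demo_is_affected( string $installed_version ): bool {
    return version_compare( $installed_version, '1.10.8', '<=' );
}

// Path of the vulnerable file under a default WordPress layout.
const CIBELES_DEMO_TARGET = '/wp-content/plugins/cibeles-ai/actualizador_git.php';

// Return one record per request that reached actualizador_git.php, with the
// source IP, timestamp, method, query string and HTTP status.
function cibeles_demo_scan_access_log( array $lines ): array {
    // Combined log format: IP ident user [time] "METHOD PATH PROTO" status size
    $pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    $hits    = array();
    foreach ( $lines as $line ) {
        if ( ! preg_match( $pattern, $line, $m ) ) {
            continue;                                    // not a parsable log line
        }
        $url  = parse_url( $m[4] );
        $path = $url['path'] ?? '';
        if ( strcasecmp( $path, CIBELES_DEMO_TARGET ) !== 0 ) {
            continue;                                    // some other resource
        }
        $hits[] = array(
            'ip'     => $m[1],
            'time'   => $m[2],
            'method' => $m[3],
            'query'  => $url['query'] ?? '',
            'status' => (int) $m[5],
        );
    }
    return $hits;
}

// Constructed sample: one benign request, one probe of the file, one pull attempt.
$sample_log = array(
    '203.0.113.7 - - [25/Nov/2025:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 4321',
    '198.51.100.9 - - [25/Nov/2025:10:02:40 +0000] "GET /wp-content/plugins/cibeles-ai/actualizador_git.php HTTP/1.1" 200 17',
    '198.51.100.9 - - [25/Nov/2025:10:02:41 +0000] "GET /wp-content/plugins/cibeles-ai/actualizador_git.php?repo=attacker/backdoor HTTP/1.1" 200 512',
);

foreach ( cibeles_demo_scan_access_log( $sample_log ) as $hit ) {
    printf( "%s %s %s %s -> %d\n", $hit['time'], $hit['ip'], $hit['method'],
            $hit['query'] === '' ? '(no query)' : $hit['query'], $hit['status'] );
}
printf( "Installed 1.10.8 affected: %s\n", cibeles_demo_is_affected( '1.10.8' ) ? 'yes' : 'no' );
printf( "Installed 1.10.9 affected: %s\n", cibeles_demo_is_affected( '1.10.9' ) ? 'yes' : 'no' );
```

Run it with `php script.php`; it prints the two requests from 198.51.100.9 and reports 1.10.8 as affected and 1.10.9 as not. A 200 response alone does not prove the overwrite succeeded, so any hit on an unpatched site should be followed by comparing the plugin directory on disk against a clean copy of the installed version and by checking for PHP files the release does not ship.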
Affected Assets
- CIBELES AI plugin for WordPress, all versions up to and including 1.10.8 (vulnerable file: actualizador_git.php)
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to the 'actualizador_git.php' functionality, directly addressing the missing capability check that allows unauthenticated file uploads.
- SI-10 (Information Input Validation): Validates inputs to the GitHub repository pull mechanism in 'actualizador_git.php', preventing unrestricted uploads of dangerous files that lead to overwrites and RCE.
- SI-2 (Flaw Remediation; identifier inferred from the description): Requires timely remediation of the known flaw in CIBELES AI plugin versions up to 1.10.8 by updating to a later version, as specified in advisories and the WordPress.org plugin Trac changeset 3402311.
AC-3 and SI-10 describe what the vendor had to change in the plugin; for a site operator the actionable control is the update. If it cannot be applied immediately, blocking direct HTTP requests to actualizador_git.php at the web server removes the unauthenticated path until it is, at the cost of the plugin's own update feature.