Cyber Resilience

CVE-2025-13597

Severity: Critical
Published: 25 November 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: see References
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0062 (70.5th percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-13597 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in WordPress (the affected product is inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related, in the AI category Other Platforms and the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-13597 is an arbitrary file upload vulnerability in the AI Feeds plugin for WordPress, affecting all versions up to and including 1.0.11. The issue stems from a missing capability check in the 'actualizador_git.php' file, which enables attackers to upload files without authentication. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated attackers can exploit this vulnerability remotely with low complexity to download arbitrary GitHub repositories and overwrite plugin files on the affected WordPress site's server. This capability may lead to remote code execution, granting attackers significant control over the server.

Advisories and patches for mitigation are detailed in referenced sources, including the CVE's GitHub repository, the plugin's source code in WordPress trac, a specific changeset (3402321) in the ai-feeds plugin, a technical blog post by Ryan Kozak, and Wordfence threat intelligence. Security practitioners should review these for patch deployment and updated plugin versions.

Vulnerability details

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1608.001 Upload Malware (Resource Development): Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Why these techniques?

The vulnerability enables unauthenticated exploitation of a public-facing WordPress application (T1190), uploading/staging malware from GitHub repositories (T1608.001), and overwriting plugin files to deploy web shells or malicious server components for RCE and persistence (T1100, T1505.003).

CVEs Like This One

CVE-2024-13714 (shared CWE-434)
CVE-2024-57968 (shared CWE-434)
CVE-2026-30821 (shared CWE-434)
CVE-2025-13595 (shared CWE-434)
CVE-2025-26350 (shared CWE-434)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)

Affected Assets

WordPress (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates the vulnerability by requiring timely remediation of the known flaw in the AI Feeds plugin through patching and updates.

Prevent (SI-10, Information Input Validation): Prevents arbitrary file uploads by validating all inputs to the actualizador_git.php endpoint, rejecting dangerous GitHub repository files.

Prevent (AC-3, Access Enforcement): Enforces the missing capability checks in actualizador_git.php to block unauthenticated access and file overwrite attempts.
