Cyber Posture

CVE-2025-1785

Severity: Medium
Published: 13 March 2025
Modified: 08 July 2025
CISA KEV: not listed
Patch: available (see Deeper analysis for the changeset)
CVSS v3.1 base score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
EPSS score: 0.0056 (68.2nd percentile)
Risk priority: 11 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1785 is a medium-severity Directory Traversal (CWE-22) vulnerability in W3Eden Download Manager for WordPress. Its CVSS v3.1 base score is 5.4 (Medium): network-reachable, low complexity, no user interaction, but it requires an authenticated account (PR:L, Author-level or above) and its impact is limited to integrity and availability.

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploit Public-Facing Application (T1190) and Stored Data Manipulation (T1565.001). Its EPSS score places it in the top 31.8% of CVEs by predicted exploit likelihood, although the absolute probability (0.56%) is low, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation), applied alongside the vendor patch.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Stored Data Manipulation (T1565.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Validates file path inputs in the 'wpdm_newfile' action to block directory traversal attempts and prevent unauthorized file overwrites.

SI-2 Flaw Remediation (prevent)
Requires timely remediation of the specific directory traversal flaw in the Download Manager plugin via patching, as documented in the WordPress trac changeset.

AC-3 Access Enforcement (prevent)
Enforces logical access controls on file system resources to restrict writes to only the intended plugin directory, mitigating traversal-based overwrites.
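The input-validation and access-enforcement controls above describe a check that is easy to get wrong. The Python routine below is added here as an illustration; it is not code from the Download Manager plugin or from WordPress. It shows one correct shape for a "new file" handler: percent-decode once, reject absolute paths and NUL bytes, canonicalise the target against the real upload directory, confine it with a segment-aware prefix test, allowlist extensions (the plugin limits which file types can be written), and create the file with O_EXCL so that an existing file is never overwritten even if an earlier check were bypassed. It goes beyond the page by also covering percent-encoded traversal and symlink escapes. The upload directory layout, the ALLOWED_EXTENSIONS allowlist and the inputs exercised in demo() are constructed assumptions, not values taken from the advisory.

```python
import os
import tempfile
import urllib.parse

# Hypothetical allowlist standing in for the plugin's "select file types".
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".zip"}


class PathRejected(ValueError):
    """Raised when a requested path would escape the upload directory."""


def resolve_upload_target(base_dir: str, requested: str) -> str:
    """Return an absolute path inside base_dir for `requested`, or raise.

    1. Percent-decode once so '..%2F' style encodings are not missed.
    2. Reject NUL bytes and absolute paths outright.
    3. Join to the canonical base and canonicalise, which collapses '..'
       segments and follows symlinks in any existing parent directories.
    4. Require the canonical target to be strictly inside the base.
    5. Require an allowlisted extension.
    """
    decoded = urllib.parse.unquote(requested)
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")
    if os.path.isabs(decoded):
        raise PathRejected("absolute path not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded))
    # commonpath is segment-aware: /srv/uploads and /srv/uploads_evil differ.
    if os.path.commonpath([base, target]) != base or target == base:
        raise PathRejected(f"{requested!r} resolves outside {base}")
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXTENSIONS:
        raise PathRejected("extension not allowed")
    return target


def write_new_file(base_dir: str, requested: str, data: bytes) -> str:
    """Write data to the validated target; never overwrite an existing file."""
    target = resolve_upload_target(base_dir, requested)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_EXCL makes a traversal-to-overwrite fail at the OS level: creating
    # a file that already exists raises FileExistsError instead of clobbering.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Exercise the checks against constructed inputs; returns outcome per input."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.makedirs(uploads)
        # A symlink inside the upload dir that points outside it, to show
        # that canonicalisation (not string prefix matching) catches escapes.
        os.symlink(root, os.path.join(uploads, "link"))
        cases = [
            "report.pdf",                # legitimate
            "../wp-config.php",          # classic traversal
            "..%2F..%2Fwp-config.php",   # percent-encoded traversal
            "/etc/passwd",               # absolute path
            "link/escape.txt",           # symlink escape
            "shell.php",                 # disallowed extension
            "sub/../report2.pdf",        # harmless '..' that stays inside
        ]
        for case in cases:
            try:
                write_new_file(uploads, case, b"constructed sample content")
                results[case] = "accepted"
            except PathRejected:
                results[case] = "rejected"
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{outcome:8s} {path}")
```

Two design points matter here. Canonicalising both sides with realpath() before comparing is what defeats symlinks and '..' segments; a naive `startswith(base)` check on the raw string catches neither, and would also accept a sibling directory whose name merely begins with the base name. Opening with O_EXCL is defence in depth for exactly the failure mode in this CVE: even if path validation regressed, a "new file" action could not overwrite an existing file. A PHP implementation in a WordPress plugin would follow the same steps with realpath() and wp_normalize_path(), with the caveat that PHP's realpath() returns false for a path that does not yet exist, so the parent directory rather than the target file must be canonicalised.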

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

A directory traversal that allows file overwrite outside the intended directory in a public-facing WordPress plugin is exploitation of the application itself (T1190), and the resulting overwrite of files at rest is stored data manipulation with an integrity impact (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.

Deeper analysis

CVE-2025-1785, published on 2025-03-13, is a directory traversal vulnerability (CWE-22) in the Download Manager plugin for WordPress, affecting all versions up to and including 3.3.08. The flaw exists in the 'wpdm_newfile' action, which allows authenticated attackers to overwrite select file types outside the originally intended directory. The vulnerability has a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Attackers with Author-level access or higher can exploit this issue remotely over the network with low attack complexity and no user interaction required. Author is a low-privilege role that multi-author sites commonly hand to contributors, so the PR:L precondition is realistic on such deployments. Successful exploitation overwrites files outside the plugin's designated directory, with limited impact to integrity and availability; overwriting a file the site depends on is the route to the denial of service noted in the NVD description.

Advisories and patch details are documented in WordPress plugins trac changeset 3252990 and on the Wordfence threat intelligence page for the vulnerability (ID bc5c7974-4c10-4880-8823-2accee3c0da4).

Details

CWE(s)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products
w3eden Download Manager ≤ 3.3.09 (as recorded in the product data; the NVD description above gives all versions up to and including 3.3.08, so confirm the fixed version against the vendor changelog before scoping)

CVEs Like This One (shared CWE-22)

CVE-2026-40518
CVE-2026-32274
CVE-2026-33656
CVE-2025-61686
CVE-2026-28791
CVE-2026-26187
CVE-2026-33344
CVE-2025-59384
CVE-2025-15031
CVE-2026-7213

References

WordPress plugins trac changeset 3252990
Wordfence threat intelligence entry bc5c7974-4c10-4880-8823-2accee3c0da4