Cyber Resilience

CVE-2025-1785

Severity: Medium

Published: 13 March 2025
Modified: 08 July 2025
KEV added: not listed
CVSS v3.1 score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
EPSS score: 0.0056 (68.6th percentile)
Risk priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1785 is a medium-severity Path Traversal (CWE-22) vulnerability in W3Eden Download Manager. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks in the top 31.4% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1785, published on 2025-03-13, is a directory traversal vulnerability (CWE-22) in the Download Manager plugin for WordPress, affecting all versions up to and including 3.3.08. The flaw exists in the 'wpdm_newfile' action, which allows authenticated attackers to overwrite select file types outside the originally intended directory. The vulnerability has a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Attackers with Author-level access or higher can exploit this issue remotely over the network with low attack complexity and no user interaction required. Successful exploitation enables overwriting files outside the plugin's designated directory, resulting in limited impacts to integrity and availability, which may lead to denial of service conditions.

Advisories and patch details are documented in the WordPress plugins Trac changeset 3252990 and in the Wordfence threat intelligence page for the vulnerability (ID bc5c7974-4c10-4880-8823-2accee3c0da4).

Vulnerability details

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

A directory traversal flaw that allows file overwrites outside the intended directory in a public-facing WordPress plugin directly enables exploitation of the application (T1190) and, through its integrity impact, stored data manipulation (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40518 (shared CWE-22)
CVE-2026-32274 (shared CWE-22)
CVE-2026-28791 (shared CWE-22)
CVE-2026-44243 (shared CWE-22)
CVE-2025-61686 (shared CWE-22)
CVE-2026-33656 (shared CWE-22)
CVE-2026-26187 (shared CWE-22)
CVE-2026-33344 (shared CWE-22)
CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)

Affected Assets

Vendor: w3eden
Product: download manager
Versions: ≤ 3.3.09

Mitigating Controls (NIST 800-53 r5)

Prevent: validates file path inputs in the 'wpdm_newfile' action to block directory traversal attempts and prevent unauthorized file overwrites.

Prevent: requires timely remediation of the specific directory traversal flaw in the Download Manager plugin via patching, as documented in the WordPress Trac changeset.

Prevent: enforces logical access controls on file system resources to restrict writes to only the intended plugin directory, mitigating traversal-based overwrites.
