Cyber Resilience

CVE-2025-22768

Severity: High
Published: 23 January 2025
Modified: 23 April 2026
KEV Added: not listed
CVSS v3.1 score: 7.1 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS score: 0.0013 (32.0th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-22768 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability with a CVSS v3.1 base score of 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 32.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-22768 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Rocket Media Library Mime Type by JinHan Park, which enables Stored Cross-Site Scripting (XSS). The issue affects all versions of the plugin from its initial release through 2.1.0 and is classified under CWE-352 with a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

An unauthenticated attacker (PR:N) can exploit the vulnerability over the network (AV:N) by tricking a logged-in user, typically an administrator, into visiting a malicious webpage; the victim's interaction is required (UI:R), but no further conditions are needed (AC:L). The victim's browser then submits a forged request to the plugin, which stores an XSS payload in the media library. The stored payload executes in the browsers of subsequent users who view the affected media, so the impact crosses from the plugin into those users' sessions (S:C). The resulting arbitrary JavaScript execution yields low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), for example session theft or data exfiltration.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/rocket-media-library-mime-type/vulnerability/wordpress-rocket-media-library-mime-type-plugin-2-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve documents the CSRF-to-Stored XSS vulnerability in version 2.1.0 and provides details for mitigation in WordPress environments.


Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.

CWE(s)

CWE-352 Cross-Site Request Forgery (CSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.007 JavaScript (Execution)
Adversaries may abuse various implementations of JavaScript for execution.

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

The CSRF-to-stored-XSS vulnerability in the public-facing WordPress plugin directly enables exploitation of the application (T1190), arbitrary JavaScript execution via the injected payload (T1059.007), and session cookie theft in victim browsers (T1539).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-28931 (shared CWE-352)
CVE-2025-23980 (shared CWE-352)
CVE-2025-23710 (shared CWE-352)
CVE-2025-23822 (shared CWE-352)
CVE-2025-25128 (shared CWE-352)
CVE-2025-31616 (shared CWE-352)
CVE-2025-23483 (shared CWE-352)
CVE-2025-23817 (shared CWE-352)
CVE-2025-23446 (shared CWE-352)
CVE-2025-23664 (shared CWE-352)

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

prevent: SC-23 Session Authenticity
Enforces session authenticity mechanisms such as CSRF tokens (nonces bound to the user's session) so that an unauthenticated attacker cannot trick a logged-in user into storing an XSS payload through a forged request.

prevent: SI-10 Information Input Validation
Requires validation of inputs such as mime types against a strict allowlist so that malicious payloads are rejected before they can be stored in the media library and lead to XSS.

prevent: output filtering
Filters and escapes information output from the media library so that any stored payload is rendered as inert text rather than executed in the browsers of viewing users.
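The three controls above map directly onto three checks in a WordPress request handler. The following is an added example, not code from the Rocket Media Library Mime Type plugin or from Patchstack, showing how a hypothetical admin-ajax handler that stores an extension-to-mime-type mapping would apply them: a nonce check for session authenticity (SC-23), a capability check, an allowlist for the extension and mime type (SI-10), and escaping on output. The hook, function and option names (rmlmt_example_*) are assumptions chosen for the illustration; the plugin's real handler is not known from this page.

```php
<?php
// Added example (not the plugin's code). Hook, function and option names
// prefixed rmlmt_example_ are hypothetical.

add_action( 'wp_ajax_rmlmt_example_save_mime', 'rmlmt_example_save_mime' );

function rmlmt_example_save_mime() {
    // SC-23 Session Authenticity: the request must carry a nonce that WordPress
    // issued to this logged-in user for this action (via wp_nonce_field() or
    // wp_create_nonce( 'rmlmt_example_save_mime' ) on the plugin's own form).
    // A page on another origin cannot obtain that value, so a forged request
    // dies here before anything is stored.
    check_ajax_referer( 'rmlmt_example_save_mime', '_wpnonce' );

    // Least privilege: only users who may change site options get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // SI-10 Information Input Validation: normalise, then allowlist both fields.
    $ext  = isset( $_POST['ext'] )  ? sanitize_key( wp_unslash( $_POST['ext'] ) )                      : '';
    $mime = isset( $_POST['mime'] ) ? strtolower( sanitize_mime_type( wp_unslash( $_POST['mime'] ) ) ) : '';

    if ( ! rmlmt_example_is_valid_ext( $ext ) || ! rmlmt_example_is_valid_mime( $mime ) ) {
        wp_send_json_error( array( 'message' => 'invalid extension or mime type' ), 400 );
    }

    $map = get_option( 'rmlmt_example_mime_map', array() );
    if ( ! is_array( $map ) ) {
        $map = array();
    }
    $map[ $ext ] = $mime;
    update_option( 'rmlmt_example_mime_map', $map );

    // Output filtering: escape the values before they are echoed back to the browser.
    wp_send_json_success( array(
        'ext'  => esc_html( $ext ),
        'mime' => esc_html( $mime ),
    ) );
}

// Extension: 1-10 lowercase alphanumerics, e.g. "svg" or "webp".
function rmlmt_example_is_valid_ext( $ext ) {
    return (bool) preg_match( '/^[a-z0-9]{1,10}$/', $ext );
}

// Mime type: type "/" subtype in a restricted character set. Anything that could
// carry markup (spaces, quotes, angle brackets, semicolons) is rejected outright.
function rmlmt_example_is_valid_mime( $mime ) {
    return (bool) preg_match( '#^[a-z]+/[a-z0-9][a-z0-9.+_-]*$#', $mime );
}

// Rendering a stored mapping in an admin table: the same escaping applies on every
// output path, so even a value that reached the database some other way stays inert.
function rmlmt_example_render_row( $ext, $mime ) {
    return '<tr><td>' . esc_html( $ext ) . '</td><td>' . esc_html( $mime ) . '</td></tr>';
}
```

check_ajax_referer() ends the request when the nonce is missing or does not verify, so the handler never reaches the storage step on a cross-site request; the capability check covers the separate case of a low-privileged but authenticated user. Keeping validation in small named predicates makes the allowlist easy to unit-test and to tighten later without touching the handler.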

References

Patchstack advisory: https://patchstack.com/database/Wordpress/Plugin/rocket-media-library-mime-type/vulnerability/wordpress-rocket-media-library-mime-type-plugin-2-1-0-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve