Cyber Resilience

CVE-2025-22784

High

Published: 15 January 2025

Published
15 January 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0032 55.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22784 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-22784 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Background Control WordPress plugin developed by swedish boy. The flaw enables path traversal and affects all versions of the plugin up to and including 1.0.5.

Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required, as reflected in its CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). Exploitation allows attackers to perform arbitrary file deletion on the target system, resulting in high-impact disruption to availability.

The Patchstack advisory documents this as a CSRF-to-arbitrary-file-deletion vulnerability specifically in Background Control plugin version 1.0.5 and provides details on the issue.

EU & UK References

Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

CSRF with path traversal in public-facing WordPress plugin enables remote unauthenticated arbitrary file deletion causing availability impact, directly mapping to exploitation of public-facing apps (T1190) and data destruction (T1485).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13684Shared CWE-352
CVE-2025-55046Shared CWE-352
CVE-2026-40883Shared CWE-352
CVE-2025-7667Shared CWE-352
CVE-2024-13707Shared CWE-352
CVE-2024-37102Shared CWE-352
CVE-2024-37450Shared CWE-352
CVE-2025-23558Shared CWE-352
CVE-2025-68722Shared CWE-352
CVE-2025-31440Shared CWE-352

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring identification, reporting, and timely patching of the CSRF-to-arbitrary-file-deletion flaw in the Background Control WordPress plugin.

prevent

Prevents CSRF exploitation by enforcing session authenticity mechanisms such as unique session identifiers and anti-replay protections.

prevent

Blocks path traversal payloads in CSRF requests by validating all information inputs to prevent arbitrary file deletion.

References