CVE-2025-23944
Published: 22 January 2025
Summary
CVE-2025-23944 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 48.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-23944 is a Deserialization of Untrusted Data vulnerability (CWE-502) in the WOOEXIM WordPress plugin developed by bulktheme, enabling Object Injection. The issue affects WOOEXIM versions from n/a through 5.0.0, as published on 2025-01-22.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N), without changing scope (S:U). Successful exploitation yields high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 8.8, potentially allowing object injection leading to severe compromise such as arbitrary code execution.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/wooexim/vulnerability/wordpress-wooexim-plugin-5-0-0-php-object-injection-vulnerability?_s_id=cve details the PHP Object Injection vulnerability in the WordPress WOOEXIM plugin version 5.0.0.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3558
Vulnerability details
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection. This issue affects WOOEXIM: from n/a through <= 5.0.0.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
The vulnerability is a remote PHP object injection flaw in a public-facing WordPress plugin that directly enables exploitation of public-facing applications leading to arbitrary code execution.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents deserialization of untrusted data by requiring validation of all information inputs, blocking malicious object injection in the WOOEXIM plugin.
- SI-2 (Flaw Remediation): Mitigates the specific PHP object injection vulnerability through identification, reporting, and timely patching of the affected WOOEXIM versions up to 5.0.0.
- Memory protection: Provides memory protections such as non-execution and randomization to limit successful exploitation of object injection leading to arbitrary code execution.
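The flaw class described under "Why these techniques?" and the SI-10 input-validation control above, shown as an added PHP illustration that is not WOOEXIM's own code: a hypothetical import handler (`wooexim_demo_*` names are invented) that deserializes a request-supplied blob, beside two hardened versions, run against constructed payloads.

```php
<?php
// Added illustration, not WOOEXIM's own code. Function names (wooexim_demo_*)
// are hypothetical; the payload strings below are constructed for the demo.

// Vulnerable pattern (CWE-502): the serialized blob arrives in a request body
// or an uploaded import file, so the sender chooses which PHP classes get
// instantiated and their __wakeup()/__destruct() hooks run inside the plugin.
function wooexim_demo_import_unsafe(string $blob)
{
    return unserialize($blob);
}

// Hardened pattern A: keep PHP's serialization format but forbid object
// instantiation (allowed_classes needs PHP >= 7.0, max_depth PHP >= 7.4).
// Any object in the payload degrades to __PHP_Incomplete_Class, so the
// result is no longer an array and the import is rejected.
function wooexim_demo_import_hardened(string $blob): ?array
{
    $data = @unserialize($blob, ['allowed_classes' => false, 'max_depth' => 16]);
    return is_array($data) ? $data : null;
}

// Hardened pattern B (preferred): a data-only format plus shape validation,
// which is what NIST SI-10 asks for. json_decode() cannot instantiate
// application classes, and only whitelisted fields survive the import.
function wooexim_demo_import_json(string $blob): ?array
{
    try {
        $data = json_decode($blob, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    if (!is_array($data) || !isset($data['sku']) || !is_string($data['sku'])) {
        return null;
    }
    return ['sku' => $data['sku']];
}

// Constructed inputs: a benign product array and an object-bearing payload.
$benign = 'a:1:{s:3:"sku";s:6:"ABC123";}';
$object = 'O:8:"stdClass":1:{s:3:"sku";s:6:"ABC123";}';

// The unsafe path instantiates whatever class the payload names; the hardened
// paths return null for the object payload and an array for the benign one.
var_dump(wooexim_demo_import_unsafe($object) instanceof stdClass);
var_dump(wooexim_demo_import_hardened($object));
var_dump(wooexim_demo_import_hardened($benign));
var_dump(wooexim_demo_import_json('{"sku":"ABC123"}'));
```

In a WordPress handler the deserialization fix should be paired with a capability and nonce check on the import endpoint, since the advisory rates the flaw reachable by a low-privileged (PR:L) account.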