Cyber Resilience

CVE-2025-25101

Critical

Published: 07 February 2025
Modified: 23 April 2026
CVSS Score v3.1: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0124 (79.7th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-25101 is a critical-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.3% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is a Cross-Site Request Forgery (CSRF) flaw, tracked as CVE-2025-25101, in the MetricThemes Munk Sites WordPress plugin. It affects all versions through 1.0.7 and is assigned CWE-352 with a CVSS 3.1 score of 9.6. The issue permits an attacker to leverage CSRF to perform unauthorized actions, specifically arbitrary plugin installation on the affected site.

An unauthenticated remote attacker can exploit the flaw by crafting a malicious request that is triggered when an authenticated administrator visits a crafted page or link. Successful exploitation grants the attacker the ability to install arbitrary plugins, which can lead to code execution, data compromise, or full site takeover, consistent with the changed scope (S:C) and high confidentiality, integrity, and availability impact in the CVSS vector.

The primary advisory reference from Patchstack characterizes the issue as a CSRF-to-arbitrary-plugin-installation vulnerability and is the source of the coordinated disclosure. No separate vendor patch or mitigation steps are detailed in the available references.

EPSS remains low at 0.0124, which is both its peak and its current value, indicating no material increase in observed exploitation interest since publication.

Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites munk-sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through <= 1.0.7.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1204.001 Malicious Link (Execution): An adversary may rely upon a user clicking a malicious link in order to gain execution.

Why these techniques?

CSRF vulnerability in public-facing WordPress plugin enables exploitation via malicious link to achieve arbitrary plugin installation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

Each of the following shares CWE-352 with CVE-2025-25101: CVE-2025-25121, CVE-2025-24001, CVE-2025-25147, CVE-2026-34904, CVE-2024-26153, CVE-2025-28860, CVE-2026-45430, CVE-2025-23880, CVE-2025-59541, CVE-2026-23622.

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-23 (Session Authenticity) requires protections for session authenticity, directly preventing CSRF attacks that exploit valid user sessions with forged requests.

Prevent: SI-10 (Information Input Validation) enforces validation of information inputs such as CSRF tokens, blocking forged requests that lack proper validation in the vulnerable plugin.

Prevent: SI-2 (Flaw Remediation) mandates identification and correction of flaws like the CSRF vulnerability in Munk Sites through timely patching.
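What the SC-23 and SI-10 controls look like in WordPress plugin terms, as an added example that is not code from Munk Sites or from the Patchstack advisory: a privileged admin-post handler of the kind the deeper analysis describes, first in the flawed shape (no nonce, no capability check) and then hardened with `check_admin_referer()` and `current_user_can()`. The hook name, nonce action, form field and helper names are hypothetical; the WordPress core functions and classes are real.

```php
<?php
// Added illustration, not the Munk Sites plugin's code; hook, nonce action,
// field and helper names are hypothetical. Requires WordPress core APIs.
// Flawed pattern (not registered): no nonce and no capability check, so a page
// an authenticated administrator visits can submit the request on their behalf.
function example_install_plugin_unsafe() {
    $slug = sanitize_text_field( wp_unslash( $_POST['plugin_slug'] ?? '' ) );
    example_do_install( $slug );
}
// Hardened handler: bind the request to a per-user, per-action nonce (SC-23,
// SI-10) and confirm the acting user holds the capability the action needs.
add_action( 'admin_post_example_install_plugin', 'example_install_plugin_safe' );
function example_install_plugin_safe() {
    // wp_die()s if the nonce is missing, expired, or issued for another action or user.
    check_admin_referer( 'example_install_plugin' );
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }
    $slug = sanitize_text_field( wp_unslash( $_POST['plugin_slug'] ?? '' ) );
    if ( ! preg_match( '/^[a-z0-9-]+$/', $slug ) ) {
        wp_die( esc_html__( 'Invalid plugin slug.', 'example' ), '', array( 'response' => 400 ) );
    }
    $result = example_do_install( $slug );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ), '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( admin_url( 'plugins.php' ) );
    exit;
}
// Installs from the wordpress.org repository through the core upgrader.
function example_do_install( $slug ) {
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) { return $api; }
    $upgrader = new Plugin_Upgrader( new Automatic_Upgrader_Skin() );
    return $upgrader->install( $api->download_link );
}
// The legitimate form carries the nonce, so only requests from this admin
// page in this user's session pass the check above.
function example_render_install_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_install_plugin">';
    wp_nonce_field( 'example_install_plugin' );
    echo '<input type="text" name="plugin_slug">';
    submit_button( __( 'Install', 'example' ) );
    echo '</form>';
}
```

The nonce is tied to the logged-in user and the named action, so a request forged from another origin cannot carry a valid one; the capability check matters independently, because a nonce alone proves origin, not authorization.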