CVE-2025-25122
Published: 03 March 2025
Summary
CVE-2025-25122 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the path traversal flaw in WizShop versions <=3.0.2 by identifying, testing, and applying vendor-provided patches or updates.
- Validates user-supplied path inputs to block traversal sequences like '.../...//' that enable arbitrary file access outside intended directories.
- Enforces boundary protections such as web application firewalls to monitor and block network traffic exploiting path traversal attempts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a public-facing web component directly enables exploitation via T1190 Exploit Public-Facing Application; the resulting arbitrary file access or manipulation facilitates T1005 Data from Local System for reading sensitive files.
NVD Description
Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal. This issue affects WizShop: from n/a through <= 3.0.2.
Deeper analysis
CVE-2025-25122 is a Path Traversal vulnerability involving the '.../...//' sequence in the hashshop WizShop wizshop component. This issue affects WizShop versions from n/a through 3.0.2 and has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-35.
Unauthenticated attackers with network access can exploit this vulnerability; the attack complexity is rated high and no user interaction is required. Successful exploitation yields high impact on confidentiality, integrity, and availability, potentially allowing arbitrary file access or manipulation on the affected system.
The Patchstack advisory provides further details on this vulnerability at https://patchstack.com/database/Wordpress/Plugin/wizshop/vulnerability/wordpress-wp-spell-check-plugin-9-21-cross-site-request-forgery-csrf-vulnerability-4?_s_id=cve.
Details
- CWE(s)