Cyber Resilience

CVE-2025-32222

CriticalRCE

Published: 06 November 2025

Published
06 November 2025
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0011 29.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-32222 is a critical-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 29.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-32222 is an Improper Control of Generation of Code ('Code Injection') vulnerability, classified under CWE-94, in the Widget Logic WordPress plugin (widget-logic) from Widgetlogic.org. This issue affects all versions of Widget Logic through 6.0.5.

The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity. A low-privileged remote attacker, such as an authenticated WordPress user, can exploit it over the network with low complexity and no user interaction required. Successful exploitation enables code injection, allowing the attacker to achieve high-impact remote code execution with full compromise of confidentiality, integrity, and availability across the changed scope.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/widget-logic/vulnerability/wordpress-widget-logic-6-0-5-remote-code-execution-rce-vulnerability?_s_id=cve) documents the remote code execution vulnerability in Widget Logic up to version 6.0.5.

EU & UK References

Vulnerability details

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a code injection flaw in a public-facing WordPress plugin, enabling low-privileged authenticated attackers to achieve remote code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13773Shared CWE-94
CVE-2025-50692Shared CWE-94
CVE-2026-30643Shared CWE-94
CVE-2026-30460Shared CWE-94
CVE-2025-71243Shared CWE-94
CVE-2026-44262Shared CWE-94
CVE-2024-13792Shared CWE-94
CVE-2020-37052Shared CWE-94
CVE-2026-42555Shared CWE-94
CVE-2025-65037Shared CWE-94

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates code injection by requiring validation and sanitization of untrusted inputs to the Widget Logic plugin before generating code.

prevent

Ensures timely patching of the specific code injection flaw in Widget Logic versions through 6.0.5 to prevent remote code execution.

prevent

Prohibits or controls user installation of vulnerable third-party plugins like Widget Logic, preventing introduction of the code injection vulnerability.

References