Cyber Posture

CVE-2025-5397

Critical

Published: 31 October 2025

Modified: 15 April 2026
KEV Added: no (not currently listed in the CISA KEV catalog)
Patch: (no data recorded)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.2nd percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-5397 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in the Noo JobMonster theme for WordPress; the affected product is recorded as Themeforest (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of the authentication bypass flaw in the check_login() function of the Noo JobMonster theme.

IA-2 Identification and Authentication (Organizational Users) (prevent)
Mandates unique identification and authentication of organizational users, directly countering the theme's failure to properly verify user identity before granting access.

AC-3 Access Enforcement (prevent)
Enforces approved authorizations for logical access, addressing the improper access enforcement that allows unauthenticated attackers to gain administrative privileges.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability is an authentication bypass in a public-facing WordPress theme, enabling unauthenticated remote exploitation for administrative access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.

Deeper analysis

CVE-2025-5397 is an authentication bypass vulnerability in the Noo JobMonster theme for WordPress, affecting all versions up to and including 4.8.1. The flaw arises in the check_login() function, which fails to properly verify a user's identity before successfully authenticating them. Sites are only impacted if social login is enabled.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity, requiring no privileges or user interaction. Successful exploitation allows bypassing standard authentication to gain access to administrative user accounts, potentially leading to full compromise. The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) underscores its critical severity, mapped to CWE-288 (Authentication Bypass Using an Alternate Path or Channel).

Advisories and references include a Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve and the theme's product page on ThemeForest at https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446.
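The affected range above ("all versions up to and including 4.8.1") is easy to get wrong with string comparison, since "4.10" sorts below "4.8" as text. The following added example (not code from the advisory or the theme vendor) reads a WordPress theme's style.css header, compares the version numerically against that ceiling, and reminds the reviewer that exposure also requires social login to be enabled; it assumes the theme's "Theme Name" header contains "JobMonster", and the sample headers are constructed.

```python
"""Flag a Noo JobMonster WordPress theme whose version falls in the affected range of
CVE-2025-5397 (all versions up to and including 4.8.1), read from the theme's style.css
header. Sample headers below are constructed; scan_themes() reads a real themes dir."""
import os
import re

AFFECTED_MAX = (4, 8, 1)  # ceiling from the advisory: "up to, and including, 4.8.1"
# Assumption: the theme's "Theme Name" header contains "JobMonster" (not taken from the page).
THEME_NAME_PATTERN = re.compile(r"jobmonster", re.IGNORECASE)
HEADER_PATTERN = re.compile(r"^\s*\*?\s*([A-Za-z ]+?):\s*(.+?)\s*$", re.MULTILINE)

def parse_style_header(text: str) -> dict:
    """Key/value pairs from the style.css header comment (Theme Name, Version, ...)."""
    return {k.strip(): v for k, v in HEADER_PATTERN.findall(text)}

def parse_version(version: str) -> tuple:
    """'4.8.1' -> (4, 8, 1); numeric tuples sort correctly where strings do not ('4.10' > '4.8')."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_affected(version: str) -> bool:
    """True when version <= 4.8.1; short versions are padded with zeros (4.8 == 4.8.0)."""
    v = parse_version(version)
    if not v:
        return True  # unparseable or missing version: flag it for manual review
    return v + (0,) * (3 - len(v)) <= AFFECTED_MAX

def assess_theme(style_css: str) -> dict:
    """Finding for one theme header; exposure also requires social login to be enabled."""
    header = parse_style_header(style_css)
    name, version = header.get("Theme Name", ""), header.get("Version", "")
    if not THEME_NAME_PATTERN.search(name):
        return {"theme": name, "version": version, "affected": False, "note": "not JobMonster"}
    affected = is_affected(version)
    note = ("version <= 4.8.1: confirm whether social login is enabled (only then is the site exposed)"
            if affected else "version above 4.8.1")
    return {"theme": name, "version": version, "affected": affected, "note": note}

def scan_themes(themes_dir: str) -> list:
    """Assess every <themes_dir>/<theme>/style.css, as found under wp-content/themes."""
    findings = []
    for entry in sorted(os.listdir(themes_dir)):
        path = os.path.join(themes_dir, entry, "style.css")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings.append(assess_theme(fh.read(8192)))
    return findings

# Constructed sample headers, not real theme files.
VULNERABLE_HEADER = "/*\nTheme Name: JobMonster\nTheme URI: https://example.invalid/jm\nVersion: 4.8.1\n*/"
FIXED_HEADER = "/*\nTheme Name: JobMonster\nVersion: 4.10\n*/"
```

Call scan_themes("/path/to/wp-content/themes") on a site to get one finding per installed theme; a flagged finding still needs the social-login check the NVD description mentions.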

Details

CWE(s): CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

Affected Products

Themeforest (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-25471 (shared CWE-288)
CVE-2026-40630 (shared CWE-288)
CVE-2025-67039 (shared CWE-288)
CVE-2025-13539 (shared CWE-288)
CVE-2026-31151 (shared CWE-288)
CVE-2025-64236 (shared CWE-288)
CVE-2025-27129 (shared CWE-288)
CVE-2025-5955 (shared CWE-288)
CVE-2025-63217 (shared CWE-288)
CVE-2025-67070 (shared CWE-288)

References

Wordfence threat intelligence report: https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa4aa8d-d7f1-4e91-bb2c-c9f80a4bb216?source=cve
ThemeForest product page: https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446