Cyber Resilience

CVE-2025-60188

High

Published: 06 November 2025

Modified: 27 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0194 (83.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-60188 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 16.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is an Insertion of Sensitive Information Into Sent Data flaw, tracked as CWE-201, in the Atarim Visual Collaboration plugin for WordPress. It affects all versions through 4.2.1 and permits retrieval of embedded sensitive data, carrying a CVSS 3.1 score of 7.5 due to network accessibility without authentication.

Unauthenticated remote attackers can exploit the issue to extract confidential information from the affected plugin component. No user interaction or privileges are required, enabling direct confidentiality compromise over the network.

The Patchstack advisory describes the exposure in the WordPress Atarim plugin at version 4.2 and provides details on the sensitive data disclosure.

The EPSS score rose from a low baseline to a peak of 0.0550 on 2026-03-08 before receding to the current value of 0.0194, indicating a temporary increase in exploitation interest after disclosure.

Vulnerability details

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-201

Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.
