CVE-2025-6222
Published: 18 July 2025
Summary
CVE-2025-6222 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in CodeCanyon (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks in the top 19.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an arbitrary file upload flaw in the WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet plugin for WordPress. It stems from missing file type validation in the ced_rnx_order_exchange_attach_files function and affects all versions through 3.2.6, carrying a CVSS 3.1 score of 9.8 and mapping to CWE-434.
Unauthenticated attackers can exploit the issue over the network, without user interaction or credentials, to upload arbitrary files to the server, which may enable remote code execution and full compromise of the affected site.
The listed references include the plugin changelog on CodeCanyon and the Wordfence threat intelligence entry for this CVE; administrators should consult those sources for available updates that address the missing validation. The associated EPSS score remains low and unchanged at 0.0142, with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21855
Vulnerability details
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An arbitrary, unauthenticated file upload in a public-facing WordPress plugin directly enables remote exploitation of the web application (T1190), ingress of malicious files (T1105), and deployment of web shells for remote code execution (T1505.003).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely remediation of the arbitrary file upload flaw in the WooCommerce theme's 'ced_rnx_order_exchange_attach_files' function by patching to versions beyond 3.2.6.
- SI-10 (Information Input Validation): Mandates validation of information inputs such as file types in upload functions to block arbitrary file uploads exploited in this CVE.
- SI-3 (Malicious Code Protection): Deploys malicious code protection mechanisms to scan and prevent execution of arbitrary files uploaded via the vulnerable function.
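The "Deeper analysis" section attributes this CVE to missing file type validation in an upload function, and the SI-10 control above asks for exactly that validation. The following is an added illustration written for this page, not the plugin's own code and not a reconstruction of ced_rnx_order_exchange_attach_files: it shows the generic CWE-434 pattern (a file stored under its client-supplied name with no check) next to a hardened WordPress handler built from core APIs. The function names, the nonce action 'example_rma_attach', the 'attachment' field name, the 5 MB cap and the image/PDF allowlist are all assumptions chosen for the example.

```php
<?php
// Added example (hypothetical code, not the plugin's): the CWE-434 pattern and a hardened handler.

// --- The pattern behind CWE-434: client-controlled name, no type check, no auth ---
function example_unsafe_attach_file( array $file ) {
    // Attacker controls both the base name and the extension; the server hosts whatever arrived.
    $dest = WP_CONTENT_DIR . '/uploads/rma/' . $file['name'];
    return move_uploaded_file( $file['tmp_name'], $dest );
}

// --- Hardened handler: nonce + capability, size cap, allowlisted types re-checked by core ---
function example_safe_attach_file() {
    // Assumption: RMA attachments are only ever images or PDFs; narrow this to your workflow.
    $allowed_mimes = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );
    $max_bytes = 5 * 1024 * 1024; // assumed limit

    // The advisory says the flaw was reachable unauthenticated: tie the endpoint to a
    // logged-in user and a nonce (action name is hypothetical).
    check_ajax_referer( 'example_rma_attach', 'nonce' );
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['attachment'] ) || UPLOAD_ERR_OK !== $_FILES['attachment']['error'] ) {
        wp_send_json_error( 'no file received', 400 );
    }
    $file = $_FILES['attachment'];

    if ( $file['size'] > $max_bytes ) {
        wp_send_json_error( 'file too large', 413 );
    }

    // This is the check the CVE describes as missing. WordPress core validates the
    // extension against the allowlist AND sniffs the content (finfo/getimagesize), so a
    // PHP script renamed to .jpg fails the image check and an allowed extension with a
    // mismatched MIME type is rejected as well.
    $check = wp_check_filetype_and_ext(
        $file['tmp_name'],
        sanitize_file_name( $file['name'] ),
        $allowed_mimes
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'disallowed file type', 415 );
    }
    // Core may ask for a corrected name (e.g. JPEG bytes sent as .png); honour it.
    if ( ! empty( $check['proper_filename'] ) ) {
        $file['name'] = $check['proper_filename'];
    }

    // Let core store the file: it repeats the MIME allowlist check with the 'mimes'
    // override and writes a unique, sanitized filename into the uploads directory.
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => $allowed_mimes,
    ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 415 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// Hypothetical registration; the real plugin's hook names are not given on this page.
add_action( 'wp_ajax_example_rma_attach', 'example_safe_attach_file' );
```

The explicit wp_check_filetype_and_ext call is partly redundant with what wp_handle_upload does internally; it is spelled out here because it is the validation step the advisory says was absent. Even with the allowlist in place, the SI-3 control above still applies: serve the uploads directory with script execution disabled (for example a web-server rule that refuses to execute .php under wp-content/uploads) and scan stored files, so that a future validation bypass does not turn an upload into a web shell (T1505.003).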