Cyber Resilience

CVE-2025-6679

Critical

Published: 15 August 2025

Modified: 15 April 2026
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0133 (80.4th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-6679 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 19.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-6679 is a critical vulnerability in the Bit Form builder plugin for WordPress, affecting all versions up to and including 2.20.4. It stems from missing file type validation, enabling arbitrary file uploads to the affected site's server. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting that it is reachable over the network and requires neither privileges nor user interaction.

Unauthenticated attackers can exploit this vulnerability by uploading arbitrary files, which may lead to remote code execution on the server. For successful exploitation, the PRO version of the plugin must be installed and activated, and a form containing an advanced file upload element must be published on the site.

Advisories and patch details are available in referenced sources, including a WordPress plugin trac changeset (https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3343461%40bit-form%2Ftrunk&old=3336733%40bit-form%2Ftrunk&sfp_email=&sfph_mail=), the plugin's official page (https://wordpress.org/plugins/bit-form/), and Wordfence threat intelligence (https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2e294f-904b-4674-8baf-d3a9a260d634?source=cve), which outline remediation steps such as updating the plugin beyond version 2.20.4.


Vulnerability details

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. For this to be exploitable, the PRO version needs to be installed and activated as well. Additionally a form with an advanced file upload element needs to be published.

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (tactic: Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An arbitrary file upload in a public-facing WordPress plugin directly enables T1190 exploitation for initial access and RCE; the uploaded files (for example, PHP) facilitate T1505.003 web shell deployment.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

Bit Form builder plugin for WordPress, PRO version, all versions up to and including 2.20.4 (inferred from references and description; NVD did not file a CPE for this CVE).

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-2 Flaw Remediation (prevent)

Directly mitigates the CVE by identifying and patching the vulnerable Bit Form plugin versions up to 2.20.4.

SI-10 Information Input Validation (prevent)

Enforces validation of file uploads in forms, addressing the missing file type validation that enables arbitrary file uploads.

prevent / detect

Scans uploaded files for malicious code, detecting or blocking dangerous files that could lead to RCE even if validation fails.
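As an added illustration of the missing-validation flaw described above and of the SI-10 input validation control (example code, not code from the Bit Form plugin or from any referenced advisory), the following Python contrasts a check that trusts the uploader's declared type with a server-side allowlist check. The allowlist, the PHP_TAG placeholder and the sample uploads are constructed for this example.

```python
import re

# Allowlisted upload extensions and the magic bytes each must start with
# (constructed for this example; a real form tunes this to its purpose).
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}
# Server-side code markers that must never appear in an accepted upload.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")

def weak_check(filename, client_mime, content):
    """Insufficient check (illustrative): trusts the client-declared MIME type."""
    return client_mime.startswith("image/") or client_mime == "application/pdf"

def hardened_check(filename, client_mime, content):
    """SI-10 style validation: the MIME claim is ignored; name, extension and
    content are each checked server-side. Returns (accepted, reason)."""
    # 1. Drop path components; require exactly one allowlisted extension,
    #    which also rejects double extensions such as "name.php.png".
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]{1,64}", parts[0]):
        return False, "invalid or multi-extension filename"
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowlisted"
    # 2. The bytes must really be the claimed type (magic-byte check).
    if not any(content.startswith(m) for m in ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    # 3. Reject polyglots: a valid image that also carries server-side script.
    if any(marker in content for marker in SCRIPT_MARKERS):
        return False, "embedded script marker"
    return True, "accepted"

# Constructed sample uploads: (filename, client-declared MIME, first bytes).
PHP_TAG = b"<?php /* placeholder server-side code */ ?>"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLES = [
    ("photo.png", "image/png", PNG_MAGIC + b"\x00" * 8),   # legitimate
    ("page.php", "image/png", PHP_TAG),                    # bad extension
    ("photo.php.png", "image/png", PNG_MAGIC),             # double extension
    ("notes.pdf", "application/pdf", PHP_TAG),             # content mismatch
    ("logo.png", "image/png", PNG_MAGIC + PHP_TAG),        # polyglot
]

def compare(samples=SAMPLES):
    """Return {filename: (weak_accepts, hardened_accepts, hardened_reason)}."""
    return {n: (weak_check(n, m, d),) + hardened_check(n, m, d) for n, m, d in samples}
```

The weak check accepts all five samples because the uploader controls the declared MIME type; the hardened check accepts only the genuine PNG and names the reason for each rejection.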
