CVE-2025-67914
Published: 08 January 2026
Summary
CVE-2025-67914 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-67914 is a path traversal vulnerability involving the '.../...//' sequence in the beeteam368 VidMov WordPress theme. This issue affects VidMov versions from n/a through 2.3.8 and is classified under CWE-35.
The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N), indicating it can be exploited remotely over the network by low-privileged users with low attack complexity and no user interaction required. Successful exploitation changes scope and results in high integrity impact, enabling attackers to potentially manipulate or overwrite files outside intended paths.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/vidmov/vulnerability/wordpress-vidmov-theme-2-3-8-path-traversal-vulnerability?_s_id=cve.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1543
Vulnerability details
Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal enables remote file overwrite/manipulation outside intended directories on a public-facing WordPress app (T1190), directly supporting stored data manipulation with high integrity impact (T1565.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates and sanitizes path inputs to block traversal sequences like '.../...//', preventing unauthorized file access or manipulation in the VidMov theme.
Remediates the specific path traversal flaw in VidMov versions through <=2.3.8 by identifying, patching, and verifying the correction.
Enforces strict access controls on files and directories to deny low-privileged users from modifying resources outside intended paths despite traversal attempts.