Cyber Resilience

CVE-2025-7040

High

Published: 06 September 2025

Published
06 September 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS Score 0.0019 41.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7040 is a high-severity Missing Authorization (CWE-862) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-7040, published on 2025-09-06, is an unauthorized modification of data vulnerability in the Cloud SAML SSO plugin for WordPress, affecting all versions up to and including 1.0.19. The issue arises from a missing capability check on the 'set_organization_settings' action within the csso_handle_actions() function. This handler processes client-supplied POST parameters for organization settings and passes them directly to WordPress's update_option() without validating the user's capabilities or including a CSRF nonce check. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) and maps to CWE-862 (Missing Authorization).

Unauthenticated attackers can exploit this vulnerability remotely with low attack complexity and no user interaction required. By submitting crafted POST requests to the affected endpoint, they can arbitrarily alter critical plugin configurations, such as toggling SAML signing and encryption settings. This can disrupt the single sign-on (SSO) workflow, potentially leading to a denial-of-service condition by breaking authentication flows for legitimate users.

EU & UK References

Vulnerability details

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads client-supplied…

more

POST parameters for organization settings and passes them directly to update_option() without any check of the user’s capabilities or a CSRF nonce. This makes it possible for unauthenticated attackers to change critical configuration (including toggling signing and encryption), potentially breaking the SSO flow and causing a denial-of-service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
T1556 Modify Authentication Process Defense Impairment
Adversaries may modify authentication mechanisms and processes to access user credentials or enable otherwise unwarranted access to accounts.
Why these techniques?

Missing auth on SAML config handler enables remote exploitation of public app (T1190) and direct tampering of auth settings (T1556) that produces auth-flow DoS (T1499).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13654Shared CWE-862
CVE-2025-22800Shared CWE-862
CVE-2025-28872Shared CWE-862
CVE-2026-45209Shared CWE-862
CVE-2026-25026Shared CWE-862
CVE-2026-42083Shared CWE-862
CVE-2026-0656Shared CWE-862
CVE-2026-24532Shared CWE-862
CVE-2025-13603Shared CWE-862
CVE-2025-69063Shared CWE-862

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on functions like set_organization_settings, directly preventing unauthenticated modification of plugin configurations.

prevent

Restricts access to configuration changes such as organization settings updates to authorized personnel, mitigating unauthorized POST-based alterations.

prevent

Implements least privilege to ensure unauthenticated users cannot perform privileged actions like toggling SAML signing and encryption settings.

References