CVE-2025-7712

Critical

Published: 17 July 2025

Published

17 July 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0498 89.7th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7712 is a critical-severity Path Traversal (CWE-22) vulnerability in Mangabooth (inferred from references). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the insufficient file path validation in wp_manga_delete_zip() that enables path traversal for arbitrary file deletion.

SI-2 Flaw Remediation good match

prevent

Ensures timely identification, reporting, and remediation of the known flaw in the Madara plugin up to version 2.2.3 via patching or updates.

SI-7 Software, Firmware, and Information Integrity good match

detect

Monitors file integrity to detect unauthorized deletions of arbitrary files, such as wp-config.php, caused by the path traversal vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Direct unauthenticated remote exploitation of path traversal in public-facing WordPress plugin for arbitrary file deletion (and potential RCE escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete…

arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Deeper analysisAI

CVE-2025-7712 is a critical vulnerability in the Madara - Core plugin for WordPress, affecting all versions up to and including 2.2.3. It arises from insufficient file path validation in the wp_manga_delete_zip() function, enabling arbitrary file deletion on the server. Classified as CWE-22 (Path Traversal), it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), highlighting its high severity due to network accessibility, low attack complexity, and no privileges required.

Unauthenticated attackers can exploit this vulnerability remotely without user interaction. By manipulating file paths, they can delete arbitrary files, severely impacting system integrity and availability. This can readily escalate to remote code execution, such as by deleting critical files like wp-config.php, potentially compromising the entire WordPress installation.

Advisories provide further details on this issue, including the Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/f9de8e90-5bda-4ab1-aa78-2748cd717376?source=cve and the plugin product page at https://mangabooth.com/product/wp-manga-theme-madara/. The CVE was published on 2025-07-17T03:15:26.427.