Cyber Resilience

CVE-2025-7955

Critical

Published: 28 August 2025

Published
28 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0057 69.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7955 is a critical-severity Improper Authentication (CWE-287) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-7955 is an authentication bypass vulnerability in the RingCentral Communications plugin for WordPress, affecting versions 1.5 through 1.6.8. The flaw arises from improper validation within the ringcentral_admin_login_2fa_verify() function, mapped to CWE-287 (Improper Authentication). Published on 2025-08-28, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact remote exploitation.

Unauthenticated attackers can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. By supplying identical bogus codes to the 2FA verification process, they can log in as any user, including administrators, thereby achieving unauthorized access to the WordPress site.

References include the vulnerable source code in the plugin's tag 1.6.8 on WordPress plugins trac, a fixing changeset 3349361, the plugin's developers page on wordpress.org, and Wordfence's threat intelligence details on the issue. Security practitioners should review these for patch implementation and upgrade guidance beyond version 1.6.8.

EU & UK References

Vulnerability details

The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying…

more

identical bogus codes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078 Valid Accounts Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Auth bypass in public-facing WordPress plugin directly enables remote exploitation (T1190) and unauthorized use of valid accounts including admin (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2991Shared CWE-287
CVE-2026-5229Shared CWE-287
CVE-2026-24038Shared CWE-287
CVE-2026-8621Shared CWE-287
CVE-2025-67822Shared CWE-287
CVE-2025-22146Shared CWE-287
CVE-2026-3655Shared CWE-287
CVE-2026-45156Shared CWE-287
CVE-2026-5722Shared CWE-287
CVE-2026-0953Shared CWE-287

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring identification, testing, and installation of software patches for the authentication bypass flaw in the WordPress plugin.

prevent

Addresses the improper validation of 2FA codes in the ringcentral_admin_login_2fa_verify() function by enforcing rigorous input validation to reject bogus codes.

prevent

Ensures proper management and verification of multifactor authenticators like 2FA codes, preventing bypass through flawed validation logic.

References