CVE-2025-7955

Critical

Published: 28 August 2025

Published

28 August 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0057 68.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7955 is a critical-severity Improper Authentication (CWE-287) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring identification, testing, and installation of software patches for the authentication bypass flaw in the WordPress plugin.

SI-10 Information Input Validation good match

prevent

Addresses the improper validation of 2FA codes in the ringcentral_admin_login_2fa_verify() function by enforcing rigorous input validation to reject bogus codes.

IA-5 Authenticator Management good match

prevent

Ensures proper management and verification of multifactor authenticators like 2FA codes, preventing bypass through flawed validation logic.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1078 Valid Accounts Stealth

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Auth bypass in public-facing WordPress plugin directly enables remote exploitation (T1190) and unauthorized use of valid accounts including admin (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying…

identical bogus codes.

Deeper analysisAI

CVE-2025-7955 is an authentication bypass vulnerability in the RingCentral Communications plugin for WordPress, affecting versions 1.5 through 1.6.8. The flaw arises from improper validation within the ringcentral_admin_login_2fa_verify() function, mapped to CWE-287 (Improper Authentication). Published on 2025-08-28, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact remote exploitation.

Unauthenticated attackers can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. By supplying identical bogus codes to the 2FA verification process, they can log in as any user, including administrators, thereby achieving unauthorized access to the WordPress site.

References include the vulnerable source code in the plugin's tag 1.6.8 on WordPress plugins trac, a fixing changeset 3349361, the plugin's developers page on wordpress.org, and Wordfence's threat intelligence details on the issue. Security practitioners should review these for patch implementation and upgrade guidance beyond version 1.6.8.