CVE-2025-9516
Published: 04 September 2025
Summary
CVE-2025-9516 is a medium-severity Absolute Path Traversal (CWE-36) vulnerability in Wordpress (inferred from references). Its CVSS base score is 4.9 (Medium).
Operationally, ranked at the 30.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34037
Vulnerability details
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents…
more
of files outside of the originally intended directory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.