Cyber Resilience

CVE-2026-25397

High

Published: 25 March 2026

Published
25 March 2026
Modified
28 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0006 18.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25397 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25397 is a path traversal vulnerability involving the '.../...//' sequence in the Snowray Software File Uploader for WooCommerce plugin (file-uploader-for-woocommerce). This issue affects all versions from n/a through 1.0.4 and is classified under CWE-35. The vulnerability was published on 2026-03-25 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction due to its network accessibility and low attack complexity. Successful exploitation enables high confidentiality impact, allowing attackers to traverse directories and access sensitive files on the server, while integrity and availability remain unaffected.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/file-uploader-for-woocommerce/vulnerability/wordpress-file-uploader-for-woocommerce-plugin-1-0-4-path-traversal-vulnerability?_s_id=cve provides further details on the vulnerability for mitigation guidance.

EU & UK References

Vulnerability details

Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in unauthenticated public-facing WooCommerce plugin directly enables remote file read (T1190 initial access + T1005 data from local system).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25122Shared CWE-35
CVE-2025-22205Shared CWE-35
CVE-2025-41723Shared CWE-35
CVE-2025-24786Shared CWE-35
CVE-2025-24685Shared CWE-35
CVE-2025-42937Shared CWE-35
CVE-2024-54362Shared CWE-35
CVE-2024-49249Shared CWE-35
CVE-2025-59793Shared CWE-35
CVE-2025-67914Shared CWE-35

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws like this path traversal vulnerability in the WooCommerce plugin, preventing exploitation through patching.

prevent

Mandates validation of file path inputs at upload points to reject traversal sequences such as '.../...//', directly blocking the attack vector.

prevent

Restricts file uploader inputs to explicitly permitted safe paths and formats, preventing directory traversal to sensitive files.

References