CVE-2025-52805
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52805 is a Local File Inclusion (LFI) vulnerability in the WordPress Leyka plugin (up to version 3.31.9). It allows an unauthenticated attacker to include and access local files on the target website. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. The vulnerability falls under the OWASP Top 10 category A1: Broken Access Control. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, which can lead to unauthorized access and control over the database. It may result in a complete database takeover, compromising the integrity, confidentiality, and availability of the affected system. Due to the high risk of mass exploitation, immediate mitigation is recommended to prevent potential security breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring web server logs for suspicious requests attempting to include local files via the Leyka plugin, such as requests containing file path traversal patterns (e.g., ../). Additionally, applying Patchstack's virtual patch (vPatch) can help block attack attempts and provide detection through blocked request logs. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks attack attempts until an official fix is released. It is also recommended to perform professional incident response and server-side malware scanning if a site is suspected to be compromised. Since no official fix is available yet, applying the vPatch is the safest immediate action. [1]