CVE-2025-6722
BaseFortify
Publication date: 2025-08-02
Last updated on: 2025-08-25
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bitfire | bitfire_wordpress_plugin | 4.5 |
| bitfire | bitfire_wordpress_plugin | 4.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6722 is an information disclosure vulnerability in the BitFire Security WordPress plugin. It occurs because the plugin creates a directory (bitfire_*) that stores sensitive files like config.ini and debug.log without proper access restrictions. If a WordPress server is misconfigured with directory listings enabled and the core plugin index.php file is deleted, attackers can access this directory and extract sensitive firewall logs and configuration data without authentication. [2]
How can this vulnerability impact me?
This vulnerability can allow unauthenticated attackers to access sensitive information such as firewall logs and configuration files. This exposure could help attackers understand the firewall's settings and potentially bypass security measures, increasing the risk of malware infections, redirects, backdoors, or account takeovers on the affected WordPress site. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking whether the bitfire_* directory exists and is reachable without authentication, especially if directory listing is enabled on your WordPress server. The `*` stands for the random suffix the plugin appends to the directory name, so substitute the actual directory name before requesting a URL. One way is to attempt accessing URLs like /wp-content/plugins/bitfire_*/config.ini or /wp-content/plugins/bitfire_*/debug.log to see whether the sensitive files are served. Additionally, verify whether directory listing is enabled by requesting /wp-content/plugins/bitfire_*/ in a browser or via curl. On the server, you can check for the presence of the bitfire_* directory and its contents, for example with `ls -la wp-content/plugins/ | grep bitfire`, and then `curl -I http://yourdomain.com/wp-content/plugins/bitfire_*/config.ini` (with the real directory name) to check whether the file is reachable over HTTP. Also check whether the index.php file is missing from the plugins directory, since its absence is what allows the listing. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the BitFire plugin to version 4.6 or later, which implements several security measures: relocating the configuration and log data directory from /wp-content/plugins/bitfire_RANDOM to /wp-content/uploads/bitfire_RANDOM, increasing the random directory name length, adding a .htaccess file to restrict access to sensitive directories, and ensuring the presence of an index.php file in the uploads directory to prevent directory listing. If upgrading is not immediately possible, manually add .htaccess restrictions to the bitfire_* directories to block unauthorized access and ensure directory listing is disabled on your web server. Also, verify that the index.php file exists in the relevant directories to prevent directory listing. [1, 2]
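The following shell script turns the detection checks and the mitigation checklist above into a local audit that an administrator can run on the server itself. It is an added example, not code from BaseFortify or from the BitFire plugin; it assumes the directory layout the advisory describes (a bitfire_* data directory under wp-content/plugins before the fix and under wp-content/uploads after it, guarded by index.php and a deny-all .htaccess) and builds two constructed sample trees under a temporary directory so that it runs offline. The random suffixes in those sample names are made up.

```shell
#!/bin/sh
# Added example, not code from BaseFortify or the BitFire plugin: audit a
# WordPress wp-content tree for the exposure conditions in the advisory
# (bitfire_* data directory with no index.php and no .htaccess restriction).
# Directory suffixes in the sample trees are constructed values.

# Audit one bitfire_* data directory. Prints a line per finding, sets
# BITFIRE_FINDINGS to the number found and returns 0 only when it is 0.
audit_bitfire_dir() {
    dir="$1"
    BITFIRE_FINDINGS=0
    if [ ! -f "$dir/index.php" ]; then
        echo "[$dir] no index.php: listable if the web server enables directory indexes"
        BITFIRE_FINDINGS=$((BITFIRE_FINDINGS + 1))
    fi
    if [ ! -f "$dir/.htaccess" ]; then
        echo "[$dir] no .htaccess: config.ini/debug.log are served if requested"
        BITFIRE_FINDINGS=$((BITFIRE_FINDINGS + 1))
    elif ! grep -Eqi 'deny from all|Require all denied' "$dir/.htaccess"; then
        echo "[$dir] .htaccess present but carries no deny rule"
        BITFIRE_FINDINGS=$((BITFIRE_FINDINGS + 1))
    fi
    for f in config.ini debug.log; do
        if [ -f "$dir/$f" ]; then
            echo "[$dir] holds sensitive file $f (informational)"
        fi
    done
    [ "$BITFIRE_FINDINGS" -eq 0 ]
}

# Audit a whole wp-content directory: the plugins/ index.php guard, then every
# bitfire_* directory under plugins/ (pre-fix location) and uploads/ (post-fix
# location). Sets WPCONTENT_FINDINGS and returns 0 only when nothing was found.
audit_wp_content() {
    root="$1"
    WPCONTENT_FINDINGS=0
    if [ ! -f "$root/plugins/index.php" ]; then
        echo "[$root/plugins] no index.php: plugin directory names may be listable"
        WPCONTENT_FINDINGS=$((WPCONTENT_FINDINGS + 1))
    fi
    for d in "$root"/plugins/bitfire_* "$root"/uploads/bitfire_*; do
        [ -d "$d" ] || continue
        case "$d" in
            "$root"/plugins/*)
                echo "[$d] data directory still under plugins/ (layout of the affected versions)"
                WPCONTENT_FINDINGS=$((WPCONTENT_FINDINGS + 1)) ;;
        esac
        audit_bitfire_dir "$d" || :
        WPCONTENT_FINDINGS=$((WPCONTENT_FINDINGS + BITFIRE_FINDINGS))
    done
    echo "[$root] total findings: $WPCONTENT_FINDINGS"
    [ "$WPCONTENT_FINDINGS" -eq 0 ]
}

# Build two constructed sample trees under ROOT so the audit can run offline:
# "exposed" mirrors the affected layout, "hardened" the layout after the fix.
make_sample_tree() {
    base="$1"
    mkdir -p "$base/exposed/plugins/bitfire_a1b2c3"
    : > "$base/exposed/plugins/bitfire_a1b2c3/config.ini"
    : > "$base/exposed/plugins/bitfire_a1b2c3/debug.log"
    h="$base/hardened/uploads/bitfire_9f8e7d6c5b4a3f2e"
    mkdir -p "$base/hardened/plugins" "$h"
    echo '<?php // Silence is golden.' > "$base/hardened/plugins/index.php"
    echo '<?php // Silence is golden.' > "$h/index.php"
    printf 'Require all denied\n' > "$h/.htaccess"
    : > "$h/config.ini"
    : > "$h/debug.log"
}

# Stand-alone demo: audit both constructed trees. On a real server, call
# audit_wp_content with the path to wp-content instead.
TMP=$(mktemp -d)
make_sample_tree "$TMP"
for tree in exposed hardened; do
    if audit_wp_content "$TMP/$tree"; then
        echo "$tree: OK"
    else
        echo "$tree: EXPOSED, apply the mitigation steps above"
    fi
done
rm -rf "$TMP"
```

The script only inspects the filesystem; it does not issue HTTP requests. A missing index.php or .htaccess is reported even when the web server has directory indexes disabled, because the advisory treats those files as the defence that should be present regardless of server configuration. The grep for a deny rule accepts both the Apache 2.2 (`deny from all`) and 2.4 (`Require all denied`) forms.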