CVE-2025-9345
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-08-29
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| managefy | softdiscover-db-file-manager | 1.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9345 is a path traversal vulnerability in the File Manager, Code Editor, and Backup by Managefy WordPress plugin (softdiscover-db-file-manager) up to version 1.4.8. It allows authenticated users with Subscriber-level access or higher to exploit the ajax_downloadfile() function to access files outside the intended directory. This happens because the plugin did not properly validate and sanitize the filename input, allowing attackers to traverse directories and download unauthorized files. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers with low-level authenticated access to download sensitive files outside the intended backup directory. This could lead to exposure of confidential data, backup files, or other sensitive information stored on the server. Although the vulnerability does not allow file modification or deletion, unauthorized file disclosure can compromise data confidentiality. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it allows unauthorized access to potentially sensitive personal or protected health information stored in files on the server. Unauthorized disclosure of such data violates confidentiality requirements mandated by these regulations, potentially leading to legal and financial consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect exploitation attempts, monitor for unauthorized or suspicious AJAX requests to the ajax_downloadfile() function in the softdiscover-db-file-manager plugin, especially those attempting to download backup files. Look for requests whose 'flm_file' parameter contains unexpected or malformed filenames that could indicate path traversal attempts. Web server access logs or network monitoring tools can be used to filter such requests. For example, on Apache logs: `grep 'admin-ajax.php?action=ajax_downloadfile' /var/log/apache2/access.log`, then inspect the 'flm_file' parameter values. Additionally, check for HTTP 403 Forbidden responses, which indicate that access control was enforced. No vendor-specific detection commands are provided; monitoring ajax_downloadfile requests and their parameters is the key step. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the softdiscover-db-file-manager WordPress plugin to version 1.5.0 or later, which contains the fix for CVE-2025-9345. This update enforces strict user capability checks, input sanitization, and secure file serving to prevent path traversal and unauthorized file downloads. Additionally, ensure that the backup directory is protected with appropriate access controls such as index.html, .htaccess, and web.config files denying unauthorized access. Verify that nonce verification is enabled for AJAX actions to prevent CSRF attacks. If updating immediately is not possible, restrict access to the ajax_downloadfile() function to trusted users only and monitor for suspicious activity. [1]
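The fix is described above as a combination of capability checks, input sanitization, and secure file serving. The Python function below, added here as a generic illustration (it is not the plugin's code, and the plugin's actual patch is not reproduced on this page), shows what that layering looks like for a backup-download handler: the caller must hold a capability (the `manage_options` name is an assumption made for the example), the filename must be a bare name, the resolved path must stay under the backup directory even when symlinks are involved, and only expected backup file types are served. `demo()` builds a throwaway directory with a constructed backup file and a symlink pointing outside it, and reports how each request is handled.

```python
import os
import tempfile

# File types a backup-download endpoint is expected to serve (assumed set).
ALLOWED_SUFFIXES = (".zip", ".sql", ".tar.gz")


def resolve_backup_path(base_dir, user_filename):
    """Map a user-supplied name to a file strictly inside base_dir, or raise."""
    base = os.path.realpath(base_dir)
    # Reject NUL bytes, any directory separator, and Windows-style separators:
    # a download endpoint should only ever receive a bare file name.
    if "\x00" in user_filename or "\\" in user_filename:
        raise ValueError("invalid characters in filename")
    if os.path.basename(user_filename) != user_filename:
        raise ValueError("filename must be a bare file name")
    # realpath resolves '..' and symlinks, so the containment check below
    # judges where the file actually lives, not how it was named.
    candidate = os.path.realpath(os.path.join(base, user_filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes backup directory")
    if not candidate.endswith(ALLOWED_SUFFIXES):
        raise ValueError("file type not allowed")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(user_filename)
    return candidate


def serve_backup(base_dir, user_caps, user_filename, required_cap="manage_options"):
    """Capability check first, then path validation; returns the safe path."""
    if required_cap not in user_caps:
        raise PermissionError(f"capability {required_cap!r} required")
    return resolve_backup_path(base_dir, user_filename)


def demo():
    """Exercise the handler against constructed inputs; returns outcomes by label."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        backups = os.path.join(root, "backups")
        os.mkdir(backups)
        with open(os.path.join(backups, "backup.zip"), "wb") as fh:
            fh.write(b"PK")  # constructed dummy archive
        secret = os.path.join(root, "wp-config.php")
        with open(secret, "w") as fh:
            fh.write("<?php // constructed placeholder, not a real config")
        # A symlink inside the backup dir that points outside it.
        os.symlink(secret, os.path.join(backups, "link.zip"))

        admin = {"manage_options", "read"}
        subscriber = {"read"}

        def attempt(caps, name):
            try:
                return serve_backup(backups, caps, name)
            except (PermissionError, ValueError, FileNotFoundError):
                return "rejected"

        results["legit"] = attempt(admin, "backup.zip")
        results["dotdot"] = attempt(admin, "../wp-config.php")
        results["parent_dir"] = attempt(admin, "..")
        results["symlink"] = attempt(admin, "link.zip")
        results["no_caps"] = attempt(subscriber, "backup.zip")
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:>10}: {outcome}")
```

The order matters: the capability check runs before any filesystem access, so an unprivileged caller learns nothing about which names exist, and the containment check is done on the resolved real path rather than on the string, which is what defeats both `..` sequences and symlinks planted inside the directory.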