CVE-2025-48317
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal.This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48317
EUVD
EUVD-2025-27261
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack woocommerce_payment_gateway_for_saferpay 0.4.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-35 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal flaw in the WooCommerce Payment Gateway for Saferpay plugin (versions up to 0.4.9). It allows unauthenticated attackers to exploit the flaw to access unauthorized files or directories on the server. It is classified under OWASP Top 10 A1: Broken Access Control and has a high severity with a CVSS score of 7.5. The plugin appears to be abandoned, with no official fix available, making exploitation more likely. [1]

Impact Analysis

This vulnerability can allow attackers to access sensitive or unauthorized files on your server without authentication. This could lead to exposure of confidential information or system files, potentially compromising the security of your website or server. Since the plugin is likely abandoned and no official fix exists, the risk of exploitation is high, and automated attacks may target this vulnerability rapidly. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for exploitation attempts targeting the path traversal flaw in the WooCommerce Payment Gateway for Saferpay plugin (versions up to 0.4.9). While specific commands are not provided, applying the Patchstack virtual patch (vPatch) can help block exploitation attempts. Network or web server logs should be inspected for unusual requests attempting to access unauthorized files or directories via path traversal patterns (e.g., requests containing '../'). Using web application firewall (WAF) rules or intrusion detection systems (IDS) configured to detect path traversal payloads can also aid in detection. [1]

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) released to block exploitation attempts until an official fix is available. Users are strongly advised to apply this virtual patch immediately or replace the vulnerable plugin with a secure alternative. Simply deactivating the plugin does not eliminate the security risk, so active mitigation is necessary. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart