CVE-2025-57921
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57921
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
n-media frontend_file_manager *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a missing authorization issue in the N-Media Frontend File Manager plugin for WordPress (up to version 23.2). It is caused by broken access control due to missing authorization, authentication, or nonce token checks in certain plugin functions. This allows unauthenticated users to perform actions that should require higher privileges, effectively bypassing security controls. It is classified under OWASP Top 10 category A1: Broken Access Control. [1]

Impact Analysis

The impact of this vulnerability is that unauthenticated users can perform privileged actions within the Frontend File Manager plugin, potentially leading to unauthorized modifications or misuse of file management features. However, the severity is considered low with a CVSS score of 5.3, and it is unlikely to be widely exploited. There is no official patch yet, but virtual patching is available to mitigate the risk. If exploited, it could compromise the integrity of the affected website's file management. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized access attempts to the Frontend File Manager plugin functions that lack proper authorization checks. Since the vulnerability allows unauthenticated users to perform privileged actions, you can look for unusual HTTP requests targeting the plugin endpoints or functions related to file management. Specific commands are not provided in the available resources, but general approaches include inspecting web server logs for suspicious access patterns or using web application firewalls to detect exploit attempts. [1]

Mitigation Strategies

Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which automatically protects websites from this vulnerability without requiring an official patch. Additionally, it is recommended to seek professional incident response services or assistance from your hosting provider if you suspect compromise. Since no official fix is available yet, timely updates and monitoring are crucial to reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57921. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart