CVE-2025-58199
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fastly | wordpress_fastly_plugin | 1.2.28 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute unauthorized actions on your site through authenticated users, which may compromise the integrity of your site. Although the risk is considered low and the severity is low (CVSS 4.3), it could lead to unwanted changes or disruptions if exploited. There is currently no official patch, but virtual patching is available as a mitigation. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available, immediate mitigation can be achieved by applying Patchstack's virtual patching (vPatch), which auto-mitigates the vulnerability even without an official patch. Users should monitor for updates and consider professional incident response if compromise is suspected. [1]
Can you explain this vulnerability to me?
CVE-2025-58199 is a Cross Site Request Forgery (CSRF) vulnerability in the WordPress Fastly Plugin up to version 1.2.28. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising the site's integrity. The vulnerability requires no authentication to exploit and is classified under OWASP Top 10 A1: Broken Access Control. [1]