CVE-2025-63051
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-63051
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack rehub_framework to 19.9.9.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-63051 is a Sensitive Data Exposure vulnerability in the WordPress REHub Framework Plugin versions before 19.9.9.4. It allows a malicious actor with subscriber-level privileges to access sensitive system information that should normally be restricted, potentially enabling further exploitation of other system weaknesses. The vulnerability is classified under OWASP Top 10 category A3: Sensitive Data Exposure and has a low severity impact with a CVSS score of 4.3. [1]

Impact Analysis

This vulnerability can impact you by allowing unauthorized users with subscriber-level access to retrieve sensitive information from the system. Although the severity is low, this exposure could lead to further exploitation of other vulnerabilities or unauthorized actions within the system. It is recommended to update the plugin to version 19.9.9.4 or later to mitigate this risk. [1]

Mitigation Strategies

To mitigate this vulnerability, update the REHub Framework Plugin to version 19.9.9.4 or later. Patchstack also offers automated updates for vulnerable plugins to provide rapid protection. [1]

Compliance Impact

The vulnerability involves exposure of sensitive data to unauthorized users, which could potentially lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA that require safeguarding sensitive information. However, the provided resources do not explicitly discuss the impact on compliance with these standards. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart