CVE-2025-68507
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-04-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68507
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
icegram icegram From 3.1.0 (inc) to 3.1.35 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68507 is a Broken Access Control vulnerability in the WordPress Icegram Plugin (versions up to 3.1.35). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that should be restricted to higher-privileged users. [1]

Impact Analysis

This vulnerability allows unauthenticated users to perform privileged actions, potentially compromising the security and integrity of your website. It can lead to unauthorized changes or access, increasing the risk of exploitation and damage to your site. [1]

Detection Guidance

Detection can involve monitoring for unauthorized access attempts to functions that should require higher privileges in the Icegram plugin up to version 3.1.35. Since the vulnerability allows unauthenticated users to perform privileged actions, checking web server logs for suspicious requests targeting Icegram plugin endpoints may help. Using web application firewall (WAF) logs or rules that detect attempts to exploit missing authorization can also assist. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate step is to update the Icegram WordPress plugin to version 3.1.36 or later, where the vulnerability is fixed. Until the update can be applied, users of Patchstack can enable the automatic mitigation rule that blocks attacks targeting this vulnerability. Additionally, enabling auto-updates for vulnerable plugins is recommended to ensure timely protection. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68507. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart