CVE-2025-69325
Awaiting Analysis Awaiting Analysis - Queue
Path Traversal Vulnerability in Primer MyData for WooCommerce

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69325
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
primersoftware primer_mydata to 4.2.8 (inc)
primersoftware primer_mydata_for_woocommerce to 4.2.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-35 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow unauthenticated attackers to access sensitive files or data on the server by exploiting the path traversal flaw.

Because no privileges are required to exploit this issue, it increases the risk of unauthorized data exposure or modification.

Such unauthorized access can lead to data breaches, loss of data integrity, and potential compromise of the affected system.

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-69325 is a Path Traversal vulnerability in the WordPress Primer MyData for Woocommerce Plugin versions up to and including 4.2.8.'}, {'type': 'paragraph', 'content': "This vulnerability allows unauthenticated attackers to manipulate file paths using sequences like '.../...//' to access files and directories outside the intended scope."}, {'type': 'paragraph', 'content': 'It is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS score of 5.3, indicating moderate severity.'}] [1]

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability allows unauthenticated attackers to perform path traversal attacks against the Primer MyData for Woocommerce Plugin up to version 4.2.8.'}, {'type': 'paragraph', 'content': "Detection can involve monitoring for suspicious HTTP requests that include path traversal patterns such as sequences like '.../...//' or attempts to access files outside the intended directories."}, {'type': 'paragraph', 'content': 'Network or web server logs can be searched for such patterns to identify potential exploitation attempts.'}, {'type': 'list_item', 'content': "Use command-line tools like grep to search web server logs for path traversal strings, for example: grep -E '\\.\\.\\/\\.\\.\\/|\\.\\.\\/\\.\\.\\/\\/' access.log"}, {'type': 'list_item', 'content': 'Use intrusion detection systems or web application firewalls that can detect and alert on path traversal attack patterns.'}] [1]

Mitigation Strategies

The most immediate and effective mitigation is to update the Primer MyData for Woocommerce Plugin to version 4.2.9 or later, where this vulnerability has been patched.

Until the update can be applied, it is recommended to implement blocking rules provided by Patchstack to prevent exploitation attempts targeting this vulnerability.

Additionally, enabling automatic updates and continuous protection offered by Patchstack can help protect vulnerable plugins.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69325. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart