CVE-2025-69128
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-69128
EUVD
EUVD-2025-210247
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
emv jobcareer to 7.3 (inc)
patchstack jobcareer to 7.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69128 is a vulnerability in the WordPress JobCareer Theme (version 7.3 and below) that allows an attacker to perform arbitrary file deletion through a Path Traversal flaw. This means an attacker with Subscriber-level privileges can manipulate file paths to delete critical files from the website.

Impact Analysis

Exploitation of this vulnerability can lead to deletion of important files on your website, which may cause the site to malfunction or break entirely. Since the attacker only needs Subscriber-level access, it poses a significant risk to site integrity and availability.

Mitigation Strategies

The WordPress JobCareer Theme versions 7.3 and below are vulnerable to this issue, and there is currently no official patch available from the developers.

Immediate mitigation steps include applying the temporary mitigation rule issued by Patchstack to block attacks until an official fix is released.

It is also recommended to update the theme if a newer secure version becomes available or seek assistance from your hosting provider or a developer to implement protective measures.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69128. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart