Platform
wordpress
Component
music-sheet-viewer
Fixed in
4.1.1
CVE-2025-25155 describes an Arbitrary File Access vulnerability in efreja Music Sheet Viewer, allowing attackers to potentially read sensitive files on the server. This vulnerability stems from improper input validation, leading to a path traversal condition. Versions of Music Sheet Viewer from 0.0.0 up to and including 4.1 are affected. A fix is available in version 4.1.1.
The Arbitrary File Access vulnerability lets an attacker bypass the plugin's intended access controls and read any file the web server process can open on the host running Music Sheet Viewer. On a WordPress install that typically includes wp-config.php (database credentials, authentication keys and salts), other configuration files, and source code. The flaw itself only discloses files; it does not execute code. The secrets it exposes, however, can be reused in follow-on steps such as connecting to the database or forging authentication cookies, so successful exploitation can still end in a full compromise of the WordPress instance: unauthorized access, modified data, or code execution. The blast radius is therefore the whole WordPress environment, not just the plugin.
This vulnerability was publicly disclosed on 2025-02-07. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation is relatively high due to the path traversal nature of the vulnerability.
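The vulnerability class as a worked example. This is added illustrative code, not the plugin's source (which this page does not reproduce); the sheet directory, the file names and the wp-config.php fixture are constructed for the demonstration. It places a file-serving helper that joins a user-supplied name onto its base directory without validation beside a hardened resolver that percent-decodes, canonicalises with realpath and rejects anything that resolves outside the base directory, including encoded, backslash, absolute and "valid name then ../" variants:

```python
import os
import tempfile
import urllib.parse


def serve_sheet_unsafe(base_dir: str, requested: str) -> bytes:
    """Vulnerable pattern: the user-controlled name is joined onto the base
    directory and opened as-is, so '../' segments walk out of it."""
    with open(os.path.join(base_dir, requested), "rb") as f:
        return f.read()


def resolve_sheet_path(base_dir: str, requested: str) -> str:
    """Hardened resolution: return the canonical path of `requested` inside
    `base_dir`, or raise ValueError if it does not stay inside."""
    # Percent-decode so '%2e%2e/' is seen as '../'. Decode before any check.
    decoded = urllib.parse.unquote(requested)
    # Treat backslashes as separators too: harmless on POSIX, essential on Windows.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` if `decoded` is absolute; realpath then
    # collapses '..' segments and follows symlinks, so the containment check
    # below sees the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"request escapes the sheet directory: {requested!r}")
    return candidate


def serve_sheet_safe(base_dir: str, requested: str) -> bytes:
    with open(resolve_sheet_path(base_dir, requested), "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a throwaway fixture (constructed data, not a real site) and run
    both helpers against it. Returns the observations for inspection."""
    root = tempfile.mkdtemp(prefix="msv-demo-")
    sheets = os.path.join(root, "sheets")
    os.mkdir(sheets)
    with open(os.path.join(sheets, "nocturne.mxl"), "wb") as f:
        f.write(b"<score/>")
    # Stands in for wp-config.php one level above the plugin's data directory.
    with open(os.path.join(root, "wp-config.php"), "wb") as f:
        f.write(b"define('DB_PASSWORD', 's3cret');")

    attempts = [
        "../wp-config.php",                   # plain traversal
        "%2e%2e/wp-config.php",               # percent-encoded dots
        "..\\wp-config.php",                  # backslash separator
        "/etc/hostname",                      # absolute path
        "nocturne.mxl/../../wp-config.php",   # traversal after a valid name
    ]
    blocked = []
    for attempt in attempts:
        try:
            serve_sheet_safe(sheets, attempt)
            blocked.append(False)
        except ValueError:
            blocked.append(True)

    return {
        "unsafe_leak": serve_sheet_unsafe(sheets, "../wp-config.php"),
        "safe_normal": serve_sheet_safe(sheets, "nocturne.mxl"),
        "blocked": blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same shape applies in PHP: realpath() on the joined path, then a prefix comparison against realpath() of the base directory, rejecting on mismatch or on realpath() returning false.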
WordPress sites running the efreja Music Sheet Viewer plugin at version 4.1 or earlier (0.0.0 through 4.1) are at risk. Shared hosting environments are a particular concern: operators there usually cannot add web-server or WAF rules or tighten filesystem permissions, so upgrading the plugin is the only mitigation available to them.
• wordpress / composer / npm:
# Manual review aid only: lists where the plugin's own PHP builds paths with literal '../' sequences
grep -rn --include='*.php' '\.\./' /var/www/html/wp-content/plugins/music-sheet-viewer/
• generic web:
# Generic probe; curl strips '../' from the path unless --path-as-is is given. This page does not name the vulnerable endpoint or parameter, so a negative result here does not clear the site: confirm the installed version instead.
curl -sI --path-as-is 'http://your-wordpress-site.com/wp-content/plugins/music-sheet-viewer/../../../../etc/passwd' # check for file disclosure
Exploit status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-25155 is to upgrade the efreja Music Sheet Viewer plugin to version 4.1.1 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, add a Web Application Firewall (WAF) rule that blocks requests containing path traversal sequences in their decoded form (../ as well as percent-encoded variants such as %2e%2e/ and ..%2f). Tightening file permissions helps only for files the PHP process does not itself need to read (backups, other tenants' files on a shared host); wp-config.php must stay readable to PHP, so permissions do not protect it. Monitor WordPress access logs for traversal attempts, paying particular attention to those answered with HTTP 200.
Update the Music Sheet Viewer plugin to the latest available version to fix the directory traversal vulnerability. Check the plugin page on WordPress.org for the latest version and update instructions. Back up your website before updating any plugin.
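Monitoring access logs for the traversal attempts the mitigation describes, as an added example that is not from this page or the plugin. The log lines are constructed in combined log format; the sheet.php endpoint and the file parameter in them are placeholders, since this page does not name the plugin's vulnerable handler. The scanner percent-decodes each request target a bounded number of times so that plain, encoded and double-encoded '..' all surface, ignores look-alikes such as a file named score..v2.pdf, and records whether the server answered 200, which is the case that needs follow-up:

```python
import re
import urllib.parse
from collections import Counter

# Constructed sample in combined log format. 'sheet.php' and the 'file'
# parameter are placeholders, not the plugin's real endpoint.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Feb/2025:10:00:01 +0000] "GET /wp-content/plugins/music-sheet-viewer/sheet.php?file=../../../../wp-config.php HTTP/1.1" 200 3121 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2025:10:00:02 +0000] "GET /wp-content/plugins/music-sheet-viewer/sheet.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3121 "-" "curl/8.5.0"
203.0.113.7 - - [07/Feb/2025:10:00:03 +0000] "GET /wp-content/plugins/music-sheet-viewer/sheet.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "curl/8.5.0"
198.51.100.4 - - [07/Feb/2025:10:01:00 +0000] "GET /wp-content/plugins/music-sheet-viewer/sheet.php?file=nocturne.mxl HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
198.51.100.4 - - [07/Feb/2025:10:01:05 +0000] "GET /wp-content/uploads/2025/02/score..v2.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A '..' segment followed by a separator or the end of the string, after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def normalise_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded so a pathological input cannot
    loop), then unify separators so '..\\' is seen as '../'."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal_attempt(target: str) -> bool:
    return TRAVERSAL_RE.search(normalise_target(target)) is not None


def scan_access_log(text: str) -> list:
    """Return one record per request whose target contains a traversal
    sequence. 'served' is True when the server returned 200."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        target = m["target"]
        if not is_traversal_attempt(target):
            continue
        decoded = normalise_target(target)
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "target": target,
            "decoded": decoded,
            "status": int(m["status"]),
            "served": m["status"] == "200",
            "plugin_path": "/plugins/music-sheet-viewer/" in decoded,
        })
    return hits


def attempts_by_ip(hits: list) -> dict:
    """Count flagged requests per source address for triage."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        flag = "SERVED" if h["served"] else "blocked"
        print(f'{h["time"]} {h["ip"]} {flag} {h["decoded"]}')
```

Run it against a real log with `scan_access_log(open("/var/log/nginx/access.log").read())`; a 200 response to a decoded target containing ../ on a plugin at version 4.1 or earlier should be treated as a likely disclosure and the credentials in wp-config.php rotated.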
CVE-2025-25155 is a vulnerability allowing attackers to read files outside the intended directory in efreja Music Sheet Viewer due to improper input validation, resulting in a path traversal condition.
You are affected if you are using efreja Music Sheet Viewer versions 0.0.0 through 4.1. Versions 4.1.1 and later are not affected.
Upgrade efreja Music Sheet Viewer to version 4.1.1 or later. As a temporary workaround, implement a WAF rule to filter path traversal attempts.
Currently, there are no known active exploits, but the vulnerability's nature suggests potential for exploitation. Continuous monitoring is recommended.
Refer to the official efreja Music Sheet Viewer website or WordPress plugin repository for the latest advisory and update information.