Platform: wordpress
Component: js-support-ticket
Fixed in: 3.0.0
CVE-2025-30882 describes an Arbitrary File Access vulnerability within JoomSky JS Help Desk. This flaw allows attackers to potentially read arbitrary files on the server, leading to data exposure and potential system compromise. The vulnerability impacts versions 0.0.0 through 2.9.1 of JS Help Desk, and a fix is available in version 3.0.0.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access controls and read arbitrary files on the server hosting JS Help Desk. Successful exploitation could lead to the exposure of configuration files, database credentials, source code, or other sensitive data. Depending on the files accessible, this could enable further compromise of the system, including privilege escalation or data exfiltration. The impact is amplified if the server hosts other critical applications or data.
CVE-2025-30882 was publicly disclosed on April 1, 2025. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The ease of exploitation is moderate, as path traversal vulnerabilities are generally well-understood.
Websites utilizing older versions of JS Help Desk, particularly those with shared hosting environments or limited security configurations, are at heightened risk. Administrators who haven't implemented robust file access controls or regular vulnerability scanning are also more susceptible to exploitation.
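• wordpress / composer / npm:
# -F matches "../" literally; without it each "." is a regex wildcard
grep -rF "../" /var/www/html/wp-content/plugins/js-help-desk/*
• generic web:
# --path-as-is stops curl from collapsing the ../ segments before sending the request
curl -I --path-as-is http://your-site.com/../../../../etc/passwd
• wordpress / composer / npm:
wp plugin list --status=inactive | grep js-help-desk
• wordpress / composer / npm:
wp plugin update js-help-desk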
EPSS: 0.50% (66th percentile)
The primary mitigation for CVE-2025-30882 is to upgrade JS Help Desk to version 3.0.0 or later, which contains the fix. If immediate upgrading is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Restrict file permissions on the server to minimize the potential impact of a successful exploit. Regularly review and harden server configurations to reduce the attack surface.
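A rule that blocks path traversal sequences has to normalise percent-encoding before it looks for ../, otherwise encoded and double-encoded forms pass through. The following is an added example, not code from JoomSky or from this advisory, that applies that check to access-log lines; the log lines, the `/index.php` path and the `file` parameter are constructed placeholders and do not describe the plugin's real endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (documentation IP ranges, hypothetical parameter).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Apr/2025:10:00:01 +0000] "GET /index.php?file=report.pdf HTTP/1.1" 200 512
203.0.113.9 - - [02/Apr/2025:10:00:07 +0000] "GET /index.php?file=../../wp-config.php HTTP/1.1" 200 3321
203.0.113.9 - - [02/Apr/2025:10:00:09 +0000] "GET /index.php?file=%2e%2e%2fwp-config.php HTTP/1.1" 200 3321
203.0.113.9 - - [02/Apr/2025:10:00:12 +0000] "GET /index.php?file=%252e%252e%255cwp-config.php HTTP/1.1" 403 0
198.51.100.2 - - [02/Apr/2025:10:01:00 +0000] "GET /blog/version-2..3-notes HTTP/1.1" 200 900
"""

# Request target and status code from a combined-format log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# ".." only counts when it stands as a whole path segment (after / \ = & ?
# and before / \ or end of string), so "version-2..3" is not flagged.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(target)))


def scan(log_text):
    """Return (request target, HTTP status) for every line that matches."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    for target, status in scan(SAMPLE_LOG):
        print(status, target)
```

Hits that returned status 200 deserve review first, since a 403 shows the request was already refused.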
Update the JS Help Desk plugin to version 3.0.0 or later to mitigate the path traversal vulnerability. This update corrects the lack of proper limitation of the pathname, preventing unauthorized access to sensitive files.
CVE-2025-30882 is a vulnerability in JS Help Desk allowing attackers to read arbitrary files due to a path traversal flaw. It affects versions 0.0.0 through 2.9.1 and has a CVSS score of 7.5 (HIGH).
You are affected if you are using JS Help Desk versions 0.0.0 through 2.9.1. Check your plugin version and upgrade immediately if vulnerable.
Upgrade JS Help Desk to version 3.0.0 or later to resolve the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules and restricted file permissions.
While no public exploits are currently known, the nature of path traversal vulnerabilities suggests potential for exploitation. Proactive remediation is recommended.
Refer to the JoomSky website and WordPress plugin repository for the official advisory and update information regarding CVE-2025-30882.