Plattform
wordpress
Komponente
lbg-audio11-html5-shoutcast_history
Behoben in
2.7
CVE-2025-31635 describes an Arbitrary File Access vulnerability within the CLEVER software, specifically a path traversal flaw. This allows unauthorized access to files outside of the intended directory. The vulnerability impacts CLEVER versions from 0.0.0 up to and including 2.6. A fix is available in version 2.7.
The Arbitrary File Access vulnerability allows an attacker to bypass intended security restrictions and read files outside of the intended directory. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress instance and potentially the underlying server. While the specific impact depends on the files accessible, the potential for data exfiltration and system takeover is significant. This vulnerability shares similarities with other path traversal exploits where attackers manipulate file paths to gain unauthorized access.
CVE-2025-31635 was publicly disclosed on 2025-06-09. Currently, there are no known public proof-of-concept exploits. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the potential for severe data exposure.
Websites and applications utilizing CLEVER versions 0.0.0 through 2.6 are at risk. This includes organizations using CLEVER for audio streaming or related functionalities. Shared hosting environments where CLEVER is installed are particularly vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r "../" /var/www/html/clever/*• generic web:
curl -I 'http://your-clever-site/../../../../etc/passwd' # Check for file accessdisclosure
Exploit-Status
EPSS
0.13% (32% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-31635 is to upgrade CLEVER to version 2.7 or later, which contains the fix. If an immediate upgrade is not possible, implement temporary workarounds. Restrict file access permissions within the CLEVER plugin directory to minimize potential damage. Thoroughly validate all user-supplied input to prevent path manipulation. Consider implementing a Web Application Firewall (WAF) with rules to block suspicious path traversal attempts. Regularly review and audit file access logs for any anomalous activity.
Actualice el plugin CLEVER a la versión 2.7 o superior para mitigar la vulnerabilidad de recorrido de directorio. Esta actualización aborda la falta de limitación adecuada de la ruta de acceso, previniendo el acceso no autorizado a archivos sensibles en el servidor.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-31635 is a HIGH severity vulnerability in CLEVER versions 0.0.0 through 2.6 that allows attackers to read arbitrary files via a path traversal flaw, potentially exposing sensitive data.
If you are using CLEVER versions 0.0.0 through 2.6, you are potentially affected by this vulnerability. Upgrade to version 2.7 or later to mitigate the risk.
The recommended fix is to upgrade CLEVER to version 2.7 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file access and using a WAF.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature suggests it could be targeted. Continuous monitoring is advised.
Refer to the official LambertGroup CLEVER advisory for detailed information and updates regarding CVE-2025-31635.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.