Platform: wordpress
Component: js-support-ticket
Fixed in: 3.0.0
CVE-2025-30882 describes an Arbitrary File Access vulnerability within JoomSky JS Help Desk. This flaw allows attackers to potentially read arbitrary files on the server, leading to data exposure and potential system compromise. The vulnerability impacts versions 0.0.0 through 2.9.1 of JS Help Desk, and a fix is available in version 3.0.0.
The Arbitrary File Access vulnerability allows an attacker to bypass intended security restrictions and access files outside of the intended directory. In the context of JS Help Desk, this could enable an attacker to retrieve configuration files, database credentials, or other sensitive data stored on the server. Successful exploitation could lead to unauthorized access to user data, system compromise, and potential data breaches. The impact is amplified if the server hosting JS Help Desk also contains other sensitive applications or data.
CVE-2025-30882 was publicly disclosed on April 1, 2025. No public proof-of-concept exploits are currently known. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Given the nature of path traversal vulnerabilities, it is prudent to assume that exploitation is possible and to prioritize remediation.
EPSS: 0.50% (66th percentile)
The primary mitigation for CVE-2025-30882 is to upgrade JS Help Desk to version 3.0.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting file access permissions on the server, implementing a Web Application Firewall (WAF) with rules to block path traversal attempts, and closely monitoring access logs for suspicious activity. Regularly scan the WordPress installation for vulnerabilities using a reputable security plugin.
Update the JS Help Desk plugin to version 3.0.0 or later to mitigate the path traversal vulnerability. This update fixes the improper limitation of the pathname, preventing unauthorized access to sensitive files.
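A version check for the upgrade advice above, as an added example that is not from the advisory or from JoomSky: it reads the plugin header under `wp-content/plugins/js-support-ticket/` and compares the declared version with 3.0.0. It assumes the default WordPress directory layout and the standard `Plugin Name:` / `Version:` header fields; the function names are this example's own.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "js-support-ticket"  # component name given in the advisory
FIXED = (3, 0, 0)                  # first fixed release per the advisory

# Same shape as the header WordPress parses: optional comment decoration, then "Version:".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.I | re.M)


def parse_version(text):
    """'2.9.1' -> (2, 9, 1). Stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(wp_root):
    """Return the plugin's declared version, or None if no plugin header is found."""
    # Assumption: default layout, plugins live in <wp_root>/wp-content/plugins.
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the start of the file
        if "Plugin Name:" in head:
            match = VERSION_RE.search(head)
            if match:
                return match.group(1)
    return None


def check(wp_root):
    """Classify one WordPress root as 'not-found', 'vulnerable' or 'patched'."""
    version = installed_version(wp_root)
    if version is None:
        return "not-found"
    return "vulnerable" if parse_version(version) < FIXED else "patched"


if __name__ == "__main__":
    for root in sys.argv[1:]:
        print(f"{root}: {PLUGIN_SLUG} {installed_version(root) or '-'} -> {check(root)}")
```

Pass one or more WordPress root directories as arguments; any root reported as `vulnerable` is running a release in the affected 0.0.0 through 2.9.1 range.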
CVE-2025-30882 is a vulnerability in JS Help Desk allowing attackers to read arbitrary files due to a path traversal flaw. It affects versions 0.0.0 through 2.9.1 and has a CVSS score of 7.5 (HIGH).
You are affected if you are using JS Help Desk versions 0.0.0 through 2.9.1. Check your plugin version and upgrade immediately if vulnerable.
Upgrade JS Help Desk to version 3.0.0 or later to resolve the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules and restricted file permissions.
While no public exploits are currently known, the nature of path traversal vulnerabilities suggests potential for exploitation. Proactive remediation is recommended.
Refer to the JoomSky website and WordPress plugin repository for the official advisory and update information regarding CVE-2025-30882.