Platform: wordpress
Component: lbg-audio11-html5-shoutcast_history
Fixed in: 2.7
CVE-2025-31635 describes an Arbitrary File Access vulnerability within the CLEVER software, specifically a path traversal flaw. This allows unauthorized access to files outside of the intended directory. The vulnerability impacts CLEVER versions from 0.0.0 up to and including 2.6. A fix is available in version 2.7.
The Arbitrary File Access vulnerability allows an attacker to potentially read any file accessible by the web server process. This could include sensitive configuration files, source code, database credentials, or even user data. Successful exploitation could lead to complete compromise of the CLEVER installation and potentially the underlying server. While the description doesn't explicitly mention it, a path traversal vulnerability of this nature could be leveraged for remote code execution if the attacker can upload a malicious file and then access it via the traversal.
CVE-2025-31635 was publicly disclosed on 2025-06-09. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not currently known, but the nature of path traversal vulnerabilities makes them likely to emerge. The vulnerability's severity and ease of exploitation warrant close monitoring.
EPSS: 0.13% (32nd percentile)
The primary mitigation for CVE-2025-31635 is to upgrade CLEVER to version 2.7 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds. These may include restricting file access permissions on the server, implementing stricter input validation to prevent path traversal attempts, and using a Web Application Firewall (WAF) to filter out malicious requests. Review and harden server configurations to limit the potential impact of a successful exploit. After upgrading, confirm the vulnerability is resolved by attempting a path traversal request and verifying that access is denied.
Update the CLEVER plugin to version 2.7 or later to mitigate the path traversal vulnerability. This update addresses the improper limitation of the pathname, preventing unauthorized access to sensitive files on the server.
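For the monitoring and request filtering mentioned above, the following log check is an added example, not code from this advisory or from the plugin vendor: it flags access-log requests under the component's directory whose path or query still contains a ".." segment after repeated percent-decoding. The wp-content/plugins/ prefix, the example.php endpoint, the file parameter and the log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Slug from the page's "Component" field; the wp-content/plugins/ prefix is the
# default WordPress layout and is an assumption about the site being monitored.
PLUGIN_PREFIX = "/wp-content/plugins/lbg-audio11-html5-shoutcast_history/"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; example.php and the file parameter are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2025:10:00:01 +0000] "GET ' + PLUGIN_PREFIX
    + 'example.php?file=history..txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2025:10:00:05 +0000] "GET ' + PLUGIN_PREFIX
    + 'example.php?file=..%2f..%2fsecret.txt HTTP/1.1" 200 3104',
    '198.51.100.7 - - [10/Jun/2025:10:00:06 +0000] "GET ' + PLUGIN_PREFIX
    + 'example.php?file=%252e%252e%252fsecret.txt HTTP/1.1" 403 0',
    '203.0.113.5 - - [10/Jun/2025:10:00:09 +0000] "GET /wp-content/plugins/'
    'other-plugin/a.php?file=../secret.txt HTTP/1.1" 404 0',
]


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if any path or query component is exactly a '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    return any(seg == ".." for seg in re.split(r"[/?&=]", decoded))


def flag_requests(log_lines):
    """Return request targets under the plugin path that carry a '..' segment."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        in_plugin = PLUGIN_PREFIX in fully_decode(urlsplit(target).path)
        if in_plugin and has_traversal(target):
            flagged.append(target)
    return flagged
```

A flagged request that returned a 200 status on a version up to 2.6 deserves a closer look than one that was denied.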
CVE-2025-31635 is a HIGH severity vulnerability in CLEVER versions 0.0.0 through 2.6 that allows attackers to read arbitrary files via a path traversal flaw, potentially exposing sensitive data.
If you are using CLEVER versions 0.0.0 through 2.6, you are potentially affected by this vulnerability. Upgrade to version 2.7 or later to mitigate the risk.
The recommended fix is to upgrade CLEVER to version 2.7 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file access and using a WAF.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature suggests it could be targeted. Continuous monitoring is advised.
Refer to the official LambertGroup CLEVER advisory for detailed information and updates regarding CVE-2025-31635.