Platform: wordpress
Component: print-science-designer
Fixed in: 1.3.156
CVE-2025-32671 describes an Arbitrary File Access vulnerability within Print Science Designer, allowing attackers to potentially read sensitive files from the server. This vulnerability stems from improper input validation, leading to a path traversal condition. Versions of Print Science Designer from 0 through 1.3.155 are affected. A patch is available in version 1.3.156.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access controls and read files from the server's file system. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to a significant compromise of the server's confidentiality. While the description doesn't explicitly mention it, a successful attacker could potentially use this vulnerability to gain further access to the system, depending on the files they are able to read and the privileges of the web server process. This is similar to other path traversal vulnerabilities where attackers leverage file disclosure to escalate privileges or gain further system access.
CVE-2025-32671 was publicly disclosed on 2025-04-11. The vulnerability's severity is rated HIGH (CVSS 7.5). No public proof-of-concept (PoC) code has been identified at the time of writing. It is not currently listed on the CISA KEV catalog. Exploitation probability is currently considered low due to the lack of public PoCs.
Exploit Status
EPSS: 0.50% (66th percentile)
The primary mitigation for CVE-2025-32671 is to upgrade Print Science Designer to version 1.3.156 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block requests containing path traversal sequences (e.g., ../). Restrict file system access permissions for the web server user to the minimum necessary. Regularly review and audit file system permissions to ensure they are properly configured. After upgrading, confirm the vulnerability is resolved by attempting to access a non-existent file via a path traversal request; the server should return a 403 or 404 error.
Update the Print Science Designer plugin to the latest available version to fix the directory traversal vulnerability. Check the plugin page on wordpress.org for the latest version and update instructions. Consider implementing additional security measures, such as limiting access to sensitive files and validating user input.
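The input validation the mitigations above call for, as an added example that is not the plugin's own code: a PHP handler that canonicalises the requested path and refuses anything that does not resolve to a regular file inside one fixed directory, answering with a 404 as the post-upgrade verification step expects. The psd_* function names, the export directory under WP_CONTENT_DIR and the "file" request parameter are all assumptions.

```php
<?php
// Added example, not code from the Print Science Designer plugin.
// Assumptions: $base_dir is the only directory the plugin should serve from;
// $requested is an untrusted path from the request (parameter name is hypothetical).

// Return the canonical path of $requested inside $base_dir, or null if it does
// not resolve to an existing regular file within that directory.
function psd_resolve_safe_path(string $base_dir, string $requested): ?string
{
    // NUL bytes truncate paths in C-level calls; reject them before realpath().
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Canonicalise the base directory (resolves symlinks, trailing slashes).
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // Canonicalise the candidate: this collapses ../ components, so the prefix
    // comparison below runs on the real location rather than the raw input.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Must be a descendant of the base; the trailing separator stops
    // "/srv/exports2" from matching a base of "/srv/exports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Handler: anything failing validation gets a 404, which is what the
// post-upgrade verification step above expects to see.
function psd_serve_file(string $base_dir, string $requested): void
{
    $path = psd_resolve_safe_path($base_dir, $requested);
    if ($path === null) {
        // Log the rejection so traversal attempts are visible in monitoring.
        error_log('psd: rejected file request ' . json_encode($requested));
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}
// Hypothetical call site; the "file" parameter name is an assumption.
psd_serve_file(WP_CONTENT_DIR . '/uploads/psd-exports', (string) ($_GET['file'] ?? ''));
```

A WAF rule that matches only the literal `../` sequence is a stopgap, since it can miss encoded forms of the same sequence; the server-side containment check is what actually closes the issue, and the error_log line gives detection a signal while the patch is rolled out.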
CVE-2025-32671 is a HIGH severity vulnerability in Print Science Designer allowing attackers to read arbitrary files on the server due to improper input validation.
You are affected if you are using Print Science Designer versions 0 through 1.3.155. Upgrade to version 1.3.156 or later to mitigate the risk.
Upgrade Print Science Designer to version 1.3.156 or later. As a temporary workaround, implement a WAF rule to block path traversal attempts.
Currently, there are no confirmed reports of active exploitation, but the lack of a public PoC does not guarantee safety.
Please refer to the Print Science Designer website or relevant security mailing lists for the official advisory.