Platform: wordpress
Component: taskbot
Fixed in: 6.4.1
CVE-2025-58959 identifies an Arbitrary File Access vulnerability within AmentoTech Taskbot, allowing attackers to potentially read sensitive files. This path traversal flaw impacts versions of Taskbot from 0.0.0 through 6.4. A patch, version 6.4.1, has been released to address this security concern.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access controls and read files outside of the intended directory. Successful exploitation could lead to the disclosure of configuration files, source code, or other sensitive data stored on the server. Depending on the files accessible, this could lead to further compromise, including privilege escalation or data exfiltration. The impact is amplified if the Taskbot installation is used to manage critical business processes or stores sensitive user data.
CVE-2025-58959 was published on 2025-10-22. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability's severity is rated HIGH, indicating a significant risk if exploited. It is not listed on the CISA KEV catalog at the time of this writing.
Exploit Status: EPSS 0.07% (20th percentile)
The primary mitigation for CVE-2025-58959 is to immediately upgrade Taskbot to version 6.4.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Carefully review Taskbot's file permissions to ensure that only necessary files are accessible to the webserver user. Monitor Taskbot logs for suspicious file access attempts. After upgrading, confirm the fix by attempting a path traversal attack and verifying that access is denied.
Update the Taskbot plugin to the latest available version to mitigate the directory traversal vulnerability. Check for updates in the WordPress repository or on the developer's website. Implement additional security measures, such as user permission restrictions and input validation, to strengthen your website's security.
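A WAF rule or log search that matches only the literal `../` mentioned above misses URL-encoded, double-encoded and backslash variants, so requests should be normalized before they are inspected. The following is an added example (not code from the advisory, from AmentoTech or from the Taskbot plugin) that scans constructed access-log lines for traversal attempts aimed at the plugin; it assumes the plugin lives under the `taskbot` slug and uses a hypothetical `download.php` endpoint purely as sample data.

```python
"""Flag path-traversal requests aimed at a WordPress plugin in access logs.
Added example, not taken from the advisory: the plugin slug, endpoint and
log lines are constructed; the normalization logic is the point."""
import re
from urllib.parse import unquote

PLUGIN_PREFIX = "/wp-content/plugins/taskbot/"  # assumed slug for Taskbot
# Request field of a combined-format access log: "METHOD TARGET HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# ".." followed by a separator or end of string; also catches "....//"
DOTDOT_RE = re.compile(r"\.\.(?:/|;|$)")


def normalize(target: str) -> str:
    """Percent-decode up to three rounds (defeats double encoding) and fold
    backslashes, so every encoded variant looks like the plain "../" form."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()


def is_traversal(target: str) -> bool:
    """True when the normalized request target contains a dot-dot segment."""
    return DOTDOT_RE.search(normalize(target)) is not None


def flag_plugin_traversals(log_lines):
    """Return raw request targets under PLUGIN_PREFIX that look like
    traversal attempts; other paths and benign requests are ignored."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and normalize(m["target"]).startswith(PLUGIN_PREFIX) \
                and is_traversal(m["target"]):
            hits.append(m["target"])
    return hits


# Constructed sample lines (abbreviated combined format); download.php is a
# hypothetical endpoint, not one named in the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Oct/2025:10:01:02 +0000] "GET /wp-content/plugins/taskbot/assets/app.css HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Oct/2025:10:01:09 +0000] "GET /wp-content/plugins/taskbot/download.php?file=../../../wp-config.php HTTP/1.1" 200 3021',
    '203.0.113.9 - - [22/Oct/2025:10:02:41 +0000] "GET /wp-content/plugins/taskbot/download.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3021',
    '198.51.100.7 - - [22/Oct/2025:10:03:00 +0000] "GET /wp-content/plugins/other/img.php?f=..%5c..%5csecret.txt HTTP/1.1" 404 0',
]
```

Running `flag_plugin_traversals(SAMPLE_LOG)` returns the two Taskbot requests (plain and double-encoded); the backslash-encoded request against a different plugin is recognised by `is_traversal` but left out of the Taskbot-scoped result.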
CVE-2025-58959 is a HIGH severity vulnerability in AmentoTech Taskbot allowing attackers to access files outside of the intended directory via a path traversal flaw. It affects versions 0.0.0–6.4.
If you are using AmentoTech Taskbot version 0.0.0 through 6.4, you are potentially affected by this vulnerability. Upgrade to 6.4.1 or later to mitigate the risk.
The recommended fix is to upgrade Taskbot to version 6.4.1 or later. As a temporary workaround, implement a WAF rule to block path traversal attempts.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-58959.
Please refer to the AmentoTech website or their security advisory page for the official advisory regarding CVE-2025-58959.