Platform: wordpress
Component: zombify
Fixed in: 1.7.6
CVE-2025-8385 describes a Path Traversal vulnerability affecting the Zombify WordPress plugin. This flaw allows authenticated attackers, even those with subscriber-level access, to potentially read sensitive files on the server. The vulnerability exists in versions 1.0.0 through 1.7.5 of the plugin and requires a race condition for successful exploitation. A fix is expected in a future release.
The primary impact of CVE-2025-8385 is the unauthorized disclosure of sensitive information. An attacker exploiting this vulnerability could read arbitrary files on the server, potentially including configuration files, database credentials, or even system files like /etc/passwd. While the vulnerability requires a race condition, successful exploitation could lead to significant data breaches and compromise the integrity of the WordPress environment. The ability to read system files could also provide attackers with valuable reconnaissance data for further attacks, such as privilege escalation or lateral movement within the network.
CVE-2025-8385 was publicly disclosed on 2025-10-31. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The race condition requirement may limit the ease of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available.
Exploit Status
EPSS: 0.11% (30th percentile)
CISA SSVC
CVSS Vector
The recommended mitigation for CVE-2025-8385 is to upgrade the Zombify plugin to a patched version as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. These may include restricting file access permissions on the server, implementing stricter input validation on the WordPress application, and using a Web Application Firewall (WAF) to filter out malicious requests. Monitor WordPress logs for suspicious activity, particularly requests targeting files outside the plugin's intended directory. After upgrading, confirm the vulnerability is resolved by attempting to access a non-existent file via a forged request and verifying that access is denied.
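Detection logic for the log-monitoring step above, added here as an example; it is not code from the advisory or from the Zombify plugin. Each request path and query value is percent-decoded until stable, so double-encoded traversal sequences (`%252e%252e`) are caught as well as plain `../`. The access-log lines, client IPs and the `include.php?file=` parameter are constructed for the demonstration; the plugin directory is the standard WordPress `wp-content/plugins/<slug>/` location.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); the IPs and the
# include.php?file= parameter are made up for this demonstration.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Oct/2025:10:00:01 +0000] "GET /wp-content/plugins/zombify/assets/img/logo.png HTTP/1.1" 200 512
203.0.113.5 - - [31/Oct/2025:10:00:02 +0000] "GET /wp-content/plugins/zombify/../../../../etc/passwd HTTP/1.1" 403 0
198.51.100.9 - - [31/Oct/2025:10:00:03 +0000] "GET /wp-content/plugins/zombify/include.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3021
198.51.100.9 - - [31/Oct/2025:10:00:04 +0000] "GET /wp-content/plugins/zombify/include.php?file=%252e%252e%2F%252e%252e%2F%252e%252e%2Fwp-config.php HTTP/1.1" 200 3021
192.0.2.7 - - [31/Oct/2025:10:00:05 +0000] "GET /wp-content/plugins/zombify/include.php?file=templates/card.php HTTP/1.1" 200 2048
"""

PLUGIN_DIR = "/wp-content/plugins/zombify/"  # standard wp-content/plugins/<slug>/ layout
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/')

def fully_decode(value, rounds=3):
    """Percent-decode until stable (catches %252e-style double encoding); treat '\\' like '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def climbs_out(value):
    """True if a '..' segment steps above the directory the value starts in."""
    depth = 0
    for seg in fully_decode(value).split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def suspicious_requests(log_text):
    """Request targets that try to leave the plugin directory via the path or any query value."""
    hits = []
    for m in REQ_RE.finditer(log_text):
        target = m.group("target")
        path, _, query = target.partition("?")
        path = fully_decode(path)
        if path.startswith(PLUGIN_DIR) and climbs_out(path[len(PLUGIN_DIR):]):
            hits.append(target)
        elif any(climbs_out(pair.partition("=")[2]) for pair in query.split("&")):
            hits.append(target)
    return hits
```

Run `suspicious_requests` over your own access log text; the three constructed traversal attempts are reported and the two legitimate plugin requests are not.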
Update the Zombify plugin to a patched version (later than 1.7.5). This update addresses the path traversal vulnerability by properly validating user input, preventing unauthorized access to sensitive files on the server.
CVE-2025-8385 is a Path Traversal vulnerability affecting the Zombify WordPress plugin versions 1.0.0–1.7.5, allowing authenticated attackers to read arbitrary files.
You are affected if your WordPress site uses the Zombify plugin in versions 1.0.0 through 1.7.5. Upgrade as soon as a patch is available.
Upgrade the Zombify plugin to a patched version. Until then, implement temporary workarounds like restricting file access and using a WAF.
Currently, there are no known active campaigns exploiting CVE-2025-8385, but it's crucial to apply the fix to prevent future attacks.
Check the Zombify plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-8385.