Platform: wordpress
Component: staggs
Fixed in: 2.11.1
CVE-2025-47637 describes an Arbitrary File Access vulnerability within the STAGGS application. This flaw allows attackers to upload files of any type, including malicious web shells, directly to the web server. Versions of STAGGS from 0.0.0 up to and including 2.11.0 are affected. A patch is available in version 2.11.1.
The impact of CVE-2025-47637 is severe. Successful exploitation allows an attacker to upload arbitrary files, most critically, web shells. A web shell provides the attacker with remote command execution capabilities on the compromised server. This can lead to complete server takeover, data exfiltration, and further lateral movement within the network. The attacker could modify or delete sensitive data, install malware, or use the server as a launchpad for attacks against other systems. Given the unrestricted file upload, there's no inherent protection against malicious file types, making this a high-risk vulnerability. The ability to upload a web shell effectively grants the attacker root access to the server, enabling them to perform any action the server's user account can.
CVE-2025-47637 was published on 2025-05-23. Its CRITICAL CVSS score indicates a high probability of exploitation. While no public Proof-of-Concept (POC) exploits have been publicly disclosed as of this writing, the ease of exploitation (unrestricted file upload) suggests that it is likely to become a target for attackers. The vulnerability's potential for remote code execution makes it a high-priority concern. It is not currently listed on KEV or EPSS, but given the severity, it warrants close monitoring.
Exploit status
EPSS: 0.41% (61st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47637 is to immediately upgrade STAGGS to version 2.11.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Implement strict file upload validation on the server-side, rejecting any files that are not explicitly whitelisted as safe. Configure a Web Application Firewall (WAF) to block suspicious file uploads and detect web shell activity. Monitor server logs for unusual file creation or modification activity, particularly in web server directories. Consider using a proxy server to scan uploaded files for malicious content before they are stored on the server. After upgrading to version 2.11.1, verify the fix by attempting to upload a known malicious file type and confirming that the upload is blocked.
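The log and directory monitoring suggested above can be scripted. The scanner below is an added example, not code from the advisory or from the STAGGS project; it walks an upload directory and flags files whose extension is not on an assumed allow-list, files carrying a double extension such as `shell.php.jpg`, and allowed-type files whose first bytes contain a PHP open tag. The allow-list, the executable-extension set and the sample tree built by `demo()` are all constructed for the example.

```python
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Assumed allow-list for an image/document upload directory (adjust to your site).
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".pdf"}
# Extensions the web server may execute; any of these anywhere in a name is a red flag.
EXECUTABLE_EXT = {".php", ".php5", ".php7", ".phtml", ".phar"}
# Byte sequences that mark PHP code inside a file claiming to be an image or document.
PHP_MARKERS = (b"<?php", b"<?=")

def has_php_code(head: bytes) -> bool:
    """True if the given leading bytes of a file contain a PHP open tag."""
    return any(marker in head for marker in PHP_MARKERS)

def classify(path: Path) -> Optional[str]:
    """Return a finding label for one file, or None if it looks benign."""
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in ALLOWED_EXT:
        return "disallowed-extension"
    if any(s in EXECUTABLE_EXT for s in suffixes):  # e.g. shell.php.jpg
        return "double-extension"
    with path.open("rb") as fh:
        if has_php_code(fh.read(4096)):
            return "php-code-in-allowed-type"
    return None

def scan_uploads(root) -> List[Tuple[str, str]]:
    """Walk an upload tree and return (relative path, finding) pairs in path order."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            label = classify(path)
            if label:
                findings.append((path.relative_to(root).as_posix(), label))
    return findings

def demo() -> List[Tuple[str, str]]:
    """Build a constructed sample upload tree (all contents are fake) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        month = Path(tmp) / "2025" / "05"
        month.mkdir(parents=True)
        (month / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg")
        (month / "report.pdf").write_bytes(b"%PDF-1.4 fake")
        (month / "cmd.php").write_bytes(b"<?php /* placeholder, not a real shell */ ?>")
        (month / "shell.php.jpg").write_bytes(b"\xff\xd8 fake")
        (month / "logo.png").write_bytes(b"\x89PNG\r\n<?php echo 1; ?>")
        return scan_uploads(tmp)

if __name__ == "__main__":
    for rel, label in demo():
        print(f"{label:26s} {rel}")
```

Run it periodically against the real upload directory and alert on any finding; a clean image directory should produce none.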
Update the STAGGS plugin to the latest available version to fix the arbitrary file upload vulnerability. Check for plugin updates directly in the WordPress administration panel or through the official WordPress.org repository.
It's a CRITICAL vulnerability in STAGGS allowing attackers to upload arbitrary files, including web shells, potentially leading to full server compromise.
If you are using STAGGS versions 0.0.0 through 2.11.0, you are vulnerable to this Arbitrary File Access issue.
Upgrade STAGGS to version 2.11.1 or later. If immediate upgrade isn't possible, implement temporary workarounds like file upload validation and WAF rules.
While no public POCs are currently available, the ease of exploitation suggests it's likely to become a target. Monitor your systems closely.
Refer to the official STAGGS security advisories and the NVD entry for CVE-2025-47637 for detailed information.