← Back
2025-10-31 7:26CVE-2025-8385Wordfence
PUBLISHED5.2CWE-22

Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary files on the server, including sensitive system files like /etc/passwd, via a forged request. It's worth noting that successfully exploiting this vulnerability relies on a race condition as the file generated will be deleted immediately.

Problem type

Affected products

PX-lab

Zombify

<= 1.7.5 - AFFECTED

References

wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/ef9010e3-f060-4bef-b62b-4a648f5e5577?source=cve

themeforest.net

https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434

GitHub Security Advisories

GHSA-xc8j-5rr8-8q9r

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and...

https://github.com/advisories/GHSA-xc8j-5rr8-8q9r

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary files on the server, including sensitive system files like /etc/passwd, via a forged request. It's worth noting that successfully exploiting this vulnerability relies on a race condition as the file generated will be deleted immediately.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-8385

themeforest.net

https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434

wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/ef9010e3-f060-4bef-b62b-4a648f5e5577?source=cve

github.com

https://github.com/advisories/GHSA-xc8j-5rr8-8q9r

JSON source

Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-8385",
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "dateUpdated": "2025-10-31T07:26:40.967Z",
    "dateReserved": "2025-07-30T18:45:04.999Z",
    "datePublished": "2025-10-31T07:26:40.967Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence",
        "dateUpdated": "2025-10-31T07:26:40.967Z"
      },
      "title": "Zombify <= 1.7.5 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary files on the server, including sensitive system files like /etc/passwd, via a forged request. It's worth noting that successfully exploiting this vulnerability relies on a race condition as the file generated will be deleted immediately."
        }
      ],
      "affected": [
        {
          "vendor": "PX-lab",
          "product": "Zombify",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "*",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "1.7.5"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
              "cweId": "CWE-22",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef9010e3-f060-4bef-b62b-4a648f5e5577?source=cve"
        },
        {
          "url": "https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-10-30T00:00:00.000+00:00",
          "lang": "en",
          "value": "Disclosed"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tonn",
          "type": "finder"
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-8385