CVE-2025-12041 identifies a missing authorization vulnerability (CWE-862) in the apos37 ERI File Library WordPress plugin, versions up to and including 1.1.0. The vulnerability stems from the absence of a capability check on the 'erifl_file' AJAX action endpoint, which is responsible for serving files to users. Because the plugin fails to verify user permissions before processing this AJAX request, unauthenticated attackers can remotely invoke this action and download files that should be restricted to specific user roles. The vulnerability is exploitable over the network without any authentication or user interaction, making it relatively easy to exploit. The CVSS v3.1 base score is 5.3 (medium severity), reflecting the limited impact on confidentiality only, with no integrity or availability impact. The scope is unchanged since the vulnerability affects only the plugin's own data access controls. No patches or fixes are currently linked, and no known exploits have been reported in the wild. This vulnerability highlights the importance of implementing proper authorization checks on all AJAX endpoints in WordPress plugins to prevent unauthorized data disclosure.

The primary impact of CVE-2025-12041 is unauthorized disclosure of files intended for restricted user roles, potentially exposing sensitive or confidential information. Organizations using the ERI File Library plugin may inadvertently leak internal documents, proprietary data, or user-specific files to unauthenticated attackers. Although the vulnerability does not affect data integrity or system availability, the confidentiality breach can lead to reputational damage, regulatory compliance issues (e.g., GDPR, HIPAA), and potential competitive disadvantage. The ease of exploitation without authentication increases the risk of automated scanning and mass exploitation attempts. However, the overall impact is somewhat limited by the plugin's market penetration and the nature of the files stored. Organizations relying heavily on this plugin for sensitive file management are at greater risk.

1. Immediately update the ERI File Library plugin once an official patch or fixed version is released by apos37. 2. Until a patch is available, implement web application firewall (WAF) rules to block or restrict access to the 'erifl_file' AJAX action endpoint from unauthenticated users. 3. Restrict access to sensitive files at the web server or file system level, ensuring that files intended for restricted roles are not directly accessible via predictable URLs. 4. Conduct a thorough audit of all AJAX endpoints in the WordPress environment to verify proper authorization checks are in place. 5. Monitor web server logs for unusual or repeated access attempts to the vulnerable AJAX action. 6. Educate site administrators about the risks of installing plugins without proper security reviews and encourage minimal plugin usage. 7. Consider disabling or removing the ERI File Library plugin if it is not essential to reduce attack surface.