CVE-2025-12558 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the Beaver Builder Page Builder plugin for WordPress, versions up to 2.9.4. The issue arises from the 'get_attachment_sizes' function, which improperly exposes sensitive data related to private attachments. Authenticated users with Contributor-level access or higher can exploit this flaw to extract metadata and file paths of private attachments that should otherwise remain inaccessible. This exposure does not require user interaction beyond authentication and can be performed remotely over the network. The vulnerability impacts confidentiality by allowing unauthorized disclosure of private file information but does not affect integrity or availability of the system. The CVSS v3.1 score is 4.3, indicating medium severity, with an attack vector of network, low attack complexity, and privileges required at the contributor level. No patches or exploits are currently known, but the risk remains for organizations that allow contributors to upload or manage content. The vulnerability is significant in environments where sensitive or private media files are stored and managed via Beaver Builder, especially in multi-user WordPress installations.

For European organizations, this vulnerability poses a risk primarily to confidentiality of sensitive media files managed through Beaver Builder. Organizations that use WordPress extensively for content management and allow multiple contributors to upload or manage attachments are at risk of unauthorized exposure of private files. This could lead to leakage of intellectual property, personal data, or other sensitive information, potentially violating GDPR requirements regarding data protection and privacy. While the vulnerability does not allow modification or deletion of data, the exposure of file paths and metadata can facilitate further attacks or data harvesting. The impact is more pronounced in sectors such as media, publishing, education, and government agencies that rely on WordPress for managing sensitive content. The absence of known exploits reduces immediate risk, but the medium severity score and ease of exploitation by authenticated contributors necessitate prompt attention.

European organizations should implement the following specific mitigations: 1) Immediately review and restrict user roles and permissions in WordPress, limiting Contributor-level access only to trusted users and minimizing their ability to upload or manage attachments. 2) Monitor Beaver Builder plugin updates closely and apply patches as soon as they become available. 3) Implement additional access controls or plugins that restrict access to private attachments beyond default WordPress capabilities. 4) Conduct audits of existing attachments to identify any sensitive files that may have been exposed. 5) Educate content contributors about the sensitivity of attachments and enforce policies on file uploads. 6) Consider disabling or replacing Beaver Builder if the plugin is not essential or if no timely patch is available. 7) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the vulnerable function. 8) Regularly review WordPress logs for unusual access patterns related to attachments. These measures go beyond generic advice by focusing on role management, monitoring, and compensating controls specific to the vulnerability.