CVE-2025-12558 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the Beaver Builder Page Builder plugin for WordPress, specifically all versions up to and including 2.9.4. The vulnerability arises from the 'get_attachment_sizes' function, which improperly exposes sensitive data related to private attachments. Authenticated attackers with at least Contributor-level privileges can exploit this flaw to retrieve the file paths and metadata of private attachments that should otherwise be inaccessible. This exposure could allow attackers to gain insights into the structure and contents of private files, potentially facilitating further attacks or unauthorized data access. The vulnerability has a CVSS v3.1 base score of 4.3, indicating medium severity, with an attack vector of network, low attack complexity, and requiring privileges but no user interaction. The scope remains unchanged, and the impact is limited to confidentiality loss without affecting integrity or availability. No patches or exploit code are currently publicly available, but the vulnerability is officially published and should be addressed promptly by site administrators.

The primary impact of this vulnerability is the unauthorized disclosure of sensitive information, specifically private attachment paths and metadata within WordPress sites using the affected Beaver Builder plugin. This can lead to privacy violations and could aid attackers in mapping the file structure or identifying sensitive content for further exploitation. Although the vulnerability requires authenticated access at Contributor level or higher, many WordPress sites allow user registrations or have multiple contributors, increasing the risk of exploitation. The exposure does not directly compromise system integrity or availability but can undermine trust and confidentiality, especially for sites handling sensitive or proprietary content. Organizations relying on Beaver Builder for content management may face data leakage risks, regulatory compliance issues, and reputational damage if exploited.

To mitigate CVE-2025-12558, organizations should first check for and apply any official patches or updates released by the Beaver Builder development team once available. Until a patch is released, administrators should restrict Contributor-level access and above to trusted users only, minimizing the number of accounts that can exploit this vulnerability. Implementing strict user role management and auditing user permissions can reduce exposure. Additionally, consider disabling or limiting the use of the affected 'get_attachment_sizes' functionality if feasible through plugin settings or custom code. Monitoring logs for unusual access patterns to attachment metadata and private files can help detect exploitation attempts. Employing a Web Application Firewall (WAF) with rules targeting suspicious authenticated requests may provide temporary protection. Finally, educating site administrators and contributors about the risks and signs of exploitation is recommended.