CVE-2025-12721 identifies a missing authorization vulnerability (CWE-862) in the garidium g-FFL Cockpit plugin for WordPress, specifically in all versions up to and including 1.7.1. The vulnerability exists because the /server_status REST API endpoint does not perform capability checks, allowing any unauthenticated user to query this endpoint and retrieve sensitive server information. This information exposure can include details about the server environment, configurations, or other metadata that could be leveraged by attackers for further targeted attacks or exploitation. The vulnerability is remotely exploitable without authentication or user interaction, increasing its accessibility to attackers. However, the impact is limited to confidentiality, as the vulnerability does not permit modification or disruption of server data or services. No patches have been released yet, and no known exploits have been observed in the wild. The CVSS 3.1 base score of 5.3 reflects a medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), confidentiality impact low (C:L), and no integrity or availability impact (I:N, A:N). This vulnerability highlights the importance of implementing proper authorization checks on REST API endpoints in WordPress plugins to prevent unauthorized data disclosure.

The primary impact of CVE-2025-12721 is the unauthorized disclosure of sensitive server information to unauthenticated attackers. This exposure can facilitate reconnaissance efforts, enabling attackers to gather intelligence about the server environment, software versions, configurations, or other metadata that may reveal additional vulnerabilities or weaknesses. While the vulnerability does not allow attackers to modify data or disrupt services, the information gained can be used to craft more effective attacks such as targeted exploits, phishing campaigns, or lateral movement within a network. Organizations relying on the garidium g-FFL Cockpit plugin may face increased risk of follow-on attacks, especially if the exposed information includes details about server software or infrastructure components. The lack of authentication requirements and ease of exploitation increase the likelihood of scanning and automated attacks. Although no known exploits are currently reported, the vulnerability's presence in all versions up to 1.7.1 means a broad range of installations could be affected, potentially impacting websites and services globally that use this plugin.

To mitigate CVE-2025-12721, organizations should take the following specific actions: 1) Immediately audit the use of the garidium g-FFL Cockpit plugin on WordPress installations and identify all instances of the vulnerable versions (up to 1.7.1). 2) Disable or restrict access to the /server_status REST API endpoint by implementing server-level access controls such as IP whitelisting or firewall rules to block unauthenticated requests. 3) If possible, remove or deactivate the g-FFL Cockpit plugin until a security patch or update addressing the missing authorization is released by the vendor. 4) Monitor web server logs and network traffic for unusual or repeated access attempts to the /server_status endpoint to detect potential reconnaissance activity. 5) Engage with the plugin vendor or community to obtain updates or patches and apply them promptly once available. 6) Review and harden WordPress REST API permissions across all plugins to ensure that sensitive endpoints require appropriate authentication and authorization. 7) Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block unauthorized access attempts to REST API endpoints. These targeted mitigations go beyond generic advice by focusing on endpoint-specific controls and proactive monitoring.