CVE-2025-12721 identifies a missing authorization vulnerability (CWE-862) in the garidium g-FFL Cockpit plugin for WordPress, specifically in all versions up to and including 1.7.1. The vulnerability exists in the /server_status REST API endpoint, which lacks proper capability checks to verify if a requester is authorized to access sensitive server information. This flaw allows unauthenticated attackers to retrieve potentially sensitive data about the server environment, such as configuration details, software versions, or system status, which can be leveraged for further attacks or reconnaissance. The vulnerability is classified as Sensitive Information Exposure, impacting confidentiality but not integrity or availability. The CVSS 3.1 base score is 5.3 (medium severity), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network attack vector, low attack complexity, no privileges or user interaction required, and limited confidentiality impact. No patches or fixes have been published yet, and no active exploits have been reported in the wild. The vulnerability was reserved in early November 2025 and published in December 2025. The plugin is used within WordPress environments, which are widely deployed across many sectors, including business, government, and critical infrastructure. The lack of authorization checks on a REST API endpoint is a common security oversight that can expose internal server details to external attackers, increasing the risk of targeted exploitation.

For European organizations, this vulnerability poses a moderate risk primarily through the exposure of sensitive server information that could facilitate further attacks such as targeted exploitation, privilege escalation, or lateral movement. Organizations relying on the garidium g-FFL Cockpit plugin in WordPress environments may inadvertently expose internal server details to unauthenticated external actors. This is particularly concerning for sectors with high-value targets or sensitive data, such as finance, healthcare, government, and critical infrastructure. While the vulnerability does not directly allow data modification or service disruption, the information disclosure can lower the attacker's effort in crafting more damaging attacks. Additionally, the widespread use of WordPress in Europe, including in public sector websites and private enterprises, increases the potential attack surface. The absence of patches means organizations must rely on compensating controls until a fix is available. Failure to address this vulnerability could lead to increased reconnaissance by threat actors, potentially culminating in more severe breaches.

1. Immediately assess the presence of the garidium g-FFL Cockpit plugin in WordPress installations and identify versions up to 1.7.1. 2. Disable or uninstall the plugin if it is not essential to operations to eliminate the attack vector. 3. Implement web server or firewall rules to restrict access to the /server_status REST API endpoint, limiting it to trusted IP addresses or internal networks only. 4. Use WordPress security plugins or custom code to enforce capability checks on REST API endpoints, ensuring only authorized users can access sensitive information. 5. Monitor web server and application logs for unusual or repeated access attempts to the /server_status endpoint, indicating potential reconnaissance activity. 6. Engage with the vendor (garidium) to obtain information on planned patches or updates and prepare to apply them promptly once released. 7. Educate system administrators and security teams about the vulnerability and the importance of restricting REST API access. 8. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block unauthorized REST API calls targeting this endpoint. 9. Regularly review and update WordPress and plugin versions to minimize exposure to known vulnerabilities. 10. Conduct internal audits to verify that no sensitive information is unnecessarily exposed via other REST API endpoints or plugins.