The vulnerability identified as CVE-2025-12721 affects the garidium g-FFL Cockpit plugin for WordPress, specifically all versions up to and including 1.7.1. The issue is classified under CWE-862 (Missing Authorization) and involves the /server_status REST API endpoint, which lacks proper capability checks. This flaw allows unauthenticated attackers to query the endpoint and retrieve sensitive information about the server environment. Such information may include server configuration details, software versions, or other metadata that could facilitate further attacks or exploitation. The vulnerability does not require any privileges or user interaction, making it easily exploitable remotely. The CVSS v3.1 base score is 5.3, indicating a medium severity level, with the vector showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), confidentiality impact low (C:L), and no impact on integrity or availability (I:N/A:N). No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability primarily impacts confidentiality by exposing sensitive server information, which could be leveraged in subsequent targeted attacks or reconnaissance phases.

For European organizations, this vulnerability poses a risk of sensitive information disclosure that could aid attackers in mapping network infrastructure, identifying software versions, or uncovering configuration details. While it does not directly compromise data integrity or availability, the exposed information can be a stepping stone for more sophisticated attacks such as privilege escalation, targeted phishing, or exploitation of other vulnerabilities. Organizations with public-facing WordPress sites using the garidium g-FFL Cockpit plugin are particularly vulnerable. This could affect sectors with high reliance on WordPress for web presence, including government, education, and private enterprises. The medium severity indicates that while immediate damage may be limited, the potential for information leakage and subsequent exploitation is significant enough to warrant prompt attention. The lack of authentication requirements increases the attack surface, especially for sites accessible over the internet.

Organizations should immediately audit their WordPress installations to identify the presence of the garidium g-FFL Cockpit plugin, especially versions up to 1.7.1. Until an official patch is released, administrators should restrict access to the /server_status REST API endpoint by implementing web application firewall (WAF) rules or server-level access controls (e.g., IP whitelisting or authentication requirements). Disabling or removing the plugin if it is not essential can also mitigate risk. Monitoring web server logs for unusual or repeated access attempts to the /server_status endpoint can help detect exploitation attempts. Additionally, organizations should maintain up-to-date backups and ensure that WordPress core and all plugins are regularly updated to the latest secure versions. Engaging with the vendor for patch timelines and applying updates promptly upon release is critical. Finally, conducting internal security assessments to identify any information leakage vectors related to this plugin is recommended.