CVE-2025-2105: CWE-502 Deserialization of Untrusted Data in artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this.
AI Analysis
Technical Summary
The Jupiter X Core WordPress plugin is vulnerable to PHP Object Injection through unsafe deserialization of the 'file' parameter in the 'raven_download_file' function. This vulnerability affects all versions up to and including 4.8.11. Exploitation depends on the presence of a POP chain in other installed plugins or themes, which would enable an attacker to perform actions such as arbitrary file deletion, data retrieval, or code execution. Unauthenticated exploitation is possible only if a file download form and upload capability are present; otherwise, exploitation requires at least Contributor-level access to create the necessary form. The CVSS 3.1 score is 8.1 (high severity) reflecting network attack vector, high impact on confidentiality, integrity, and availability, but requiring high attack complexity and no privileges. No patch or official fix information is currently available.
Potential Impact
If exploited in an environment where a POP chain is present, this vulnerability can lead to severe consequences including arbitrary file deletion, sensitive data exposure, or remote code execution. The vulnerability is exploitable remotely over the network without authentication only under specific conditions (presence of a file download form and upload capability). Otherwise, exploitation requires authenticated users with Contributor-level privileges or higher. Without a POP chain, the vulnerability has no impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should review installed plugins and themes for potential POP chains that could be leveraged. Restrict file upload and download functionalities where possible, and limit user privileges to reduce the risk of exploitation. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2025-2105: CWE-502 Deserialization of Untrusted Data in artbees Jupiter X Core
Description
The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Jupiter X Core WordPress plugin is vulnerable to PHP Object Injection through unsafe deserialization of the 'file' parameter in the 'raven_download_file' function. This vulnerability affects all versions up to and including 4.8.11. Exploitation depends on the presence of a POP chain in other installed plugins or themes, which would enable an attacker to perform actions such as arbitrary file deletion, data retrieval, or code execution. Unauthenticated exploitation is possible only if a file download form and upload capability are present; otherwise, exploitation requires at least Contributor-level access to create the necessary form. The CVSS 3.1 score is 8.1 (high severity) reflecting network attack vector, high impact on confidentiality, integrity, and availability, but requiring high attack complexity and no privileges. No patch or official fix information is currently available.
Potential Impact
If exploited in an environment where a POP chain is present, this vulnerability can lead to severe consequences including arbitrary file deletion, sensitive data exposure, or remote code execution. The vulnerability is exploitable remotely over the network without authentication only under specific conditions (presence of a file download form and upload capability). Otherwise, exploitation requires authenticated users with Contributor-level privileges or higher. Without a POP chain, the vulnerability has no impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should review installed plugins and themes for potential POP chains that could be leveraged. Restrict file upload and download functionalities where possible, and limit user privileges to reduce the risk of exploitation. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-03-07T19:42:10.279Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d983dc4522896dcbef325
Added to database: 5/21/2025, 9:09:17 AM
Last enriched: 4/9/2026, 5:10:24 PM
Last updated: 5/9/2026, 6:46:51 PM
Views: 117
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.