
CVE-2025-28951: CWE-434 Unrestricted Upload of File with Dangerous Type in CreedAlly Bulk Featured Image

Severity: Critical
Tags: Vulnerability, CVE-2025-28951, CWE-434
Published: Fri Jul 04 2025 (07/04/2025, 08:42:11 UTC)
Source: CVE Database V5
Vendor/Project: CreedAlly
Product: Bulk Featured Image

Description

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through 1.2.1.

AI-Powered Analysis

Last updated: 07/14/2025, 21:13:58 UTC

Technical Analysis

CVE-2025-28951 is a critical vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). It affects the CreedAlly Bulk Featured Image WordPress plugin in all versions up to and including 1.2.1. The plugin accepts uploaded files from an authenticated user holding high privileges (PR:H) without adequately validating or restricting the file type. An attacker who controls such an account can therefore upload a web shell (for example a PHP file) into a location the web server serves and executes, and from then on run arbitrary commands on the host through it.

The CVSS 3.1 base score is 9.1 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H: the attack is carried out over the network, has low complexity, needs no interaction from any other user, requires a high-privilege account, and results in complete loss of confidentiality, integrity and availability. Scope is Changed (S:C) because the vulnerable component is the plugin but the compromise lands on the web server process and its operating-system account, and from there on every file, database and internal service that account can reach.

No exploitation in the wild has been reported at the time of writing, but a CWE-434 web-shell upload is straightforward to weaponize once the vulnerable endpoint is known, and the score reflects that. The CVE record carries no patch links, so this page cannot confirm whether a fixed release exists; affected organizations should check the vendor's and Patchstack's advisories and treat the issue as unpatched until a fixed version is confirmed and installed.

Potential Impact

For European organizations the impact can be severe. Many enterprises and public-sector bodies run WordPress sites that depend on third-party plugins such as CreedAlly Bulk Featured Image for content and media management. Successful exploitation gives the attacker remote code execution on the web server: a web shell can be used to escalate privileges on the host, exfiltrate data, deface or disrupt the site, or pivot into the surrounding network. Where the site processes personal data this is a breach under GDPR, with the attendant regulatory penalties and reputational damage. Critical infrastructure providers, government agencies and large enterprises with public-facing WordPress estates are particularly exposed.

The Changed scope in the CVSS vector means the damage is not contained to the plugin: the attacker obtains the web server's operating-system account and everything it can reach, which on poorly isolated shared hosting can extend to other sites on the same host.

Because a high-privilege account is required, the realistic attack paths are a malicious or careless insider, or an administrator account taken over through phishing, credential stuffing or password reuse; strict access control and multi-factor authentication on administrator accounts are therefore part of the fix rather than general hygiene. The absence of known in-the-wild exploitation provides a window for proactive defense, but the critical severity demands that the window be used now.

Mitigation Recommendations

1. Restrict who can upload: the issue requires a high-privilege account, so minimize the number of administrator-level accounts, enforce multi-factor authentication on them, and review which roles the plugin exposes its upload feature to.
2. Enforce strict server-side validation: accept only an allowlist of image extensions, verify that the file contents match the claimed type (magic bytes or a real image parse) rather than trusting the client-supplied MIME type, reject names that carry an executable extension anywhere (shell.php.jpg as well as shell.php), reject dotfiles such as .htaccess, and store uploads under a server-generated name.
3. Configure the web server so that files under the uploads directory are served as static content and never handed to the PHP interpreter; this turns a successful upload into an inert file rather than a shell.
4. Employ web application firewall (WAF) rules that detect and block upload attempts carrying web-shell content or disallowed file types.
5. Monitor upload directories for files with executable extensions, files whose contents do not match their extension, and PHP markers inside image files, and alert on unauthorized changes using integrity checks.
6. Isolate the web server environment using containerization or sandboxing to limit the impact of a compromise.
7. Maintain up-to-date backups and test restoration procedures so the site can be rebuilt quickly after a successful exploitation.
8. Closely monitor vendor communications for a patched release of Bulk Featured Image and apply it promptly once available.
9. Conduct regular security audits and penetration testing focused on file-upload functionality to identify and remediate similar issues proactively.
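The following is an added example, not code from this page or from the Bulk Featured Image plugin. It implements the server-side gate that the validation recommendation describes (extension allowlist, content check, rejection of double extensions, dotfiles and PHP markers) and applies that gate as the scan the monitoring recommendation describes, walking an uploads tree and reporting every file that would not have passed. The rejected samples are exactly the files a CWE-434 upload handler that trusts the client-supplied name or MIME type, as described in the Technical Analysis, would have accepted. The function names `check_upload` and `scan_uploads`, the directory layout and all sample file contents are hypothetical and constructed for the example.

```python
"""Added example (not from the advisory or the plugin): an image-upload gate and
an uploads-directory scanner for CWE-434 web-shell uploads. All function names,
paths and sample files below are hypothetical / constructed for the example."""
import os
import re
import tempfile
from typing import Optional

# Extensions an image-only upload feature should accept (assumption: raster images only).
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}

# Extensions a typical PHP web server hands to the interpreter; none may appear
# anywhere in a file name, not just at the end.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps", "inc"}

# Leading bytes a file of each allowed type must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Tokens that occur in PHP web shells but not in valid image data; this catches
# polyglots that keep a genuine image header and append code after it.
SHELL_MARKERS = re.compile(
    rb"<\?php|\beval\s*\(|base64_decode\s*\(|\bsystem\s*\(|passthru\s*\(|shell_exec\s*\(",
    re.IGNORECASE,
)


def check_upload(filename: str, data: bytes) -> Optional[str]:
    """Server-side gate: return None if the upload is an acceptable image,
    otherwise the reason to reject it. The client-supplied MIME type is never
    consulted; trusting it is what a CWE-434 upload handler gets wrong."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        # No extension, or a dotfile such as .htaccess (which an attacker
        # uploads to re-enable PHP execution inside the uploads directory).
        return "no usable extension"
    if any(p in EXECUTABLE_EXT for p in parts[1:]):
        # Rejects shell.php and the double-extension variant shell.php.png alike.
        return "executable extension in name"
    ext = parts[-1]
    if ext not in ALLOWED_EXT:
        return f"extension .{ext} not in allowlist"
    if not data.startswith(MAGIC[ext]):
        return "content does not match claimed image type"
    if SHELL_MARKERS.search(data):
        return "server-side code markers inside image"
    return None


def scan_uploads(root: str) -> list:
    """Walk an uploads tree and return sorted (relative path, reason) pairs for
    every file that fails check_upload. Meant to run from a cron job or a
    file-integrity hook over a directory such as wp-content/uploads."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole file: appended shell code sits at the end
            reason = check_upload(name, data)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


def build_sample_tree() -> str:
    """Constructed sample data (not taken from the advisory): one clean PNG, a
    bare PHP shell, a double-extension shell, a PHP file claiming to be a JPEG,
    and a PNG/PHP polyglot with a valid image header."""
    root = tempfile.mkdtemp(prefix="uploads-")
    samples = {
        "2025/07/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "2025/07/shell.php": b"<?php system($_GET['c']); ?>",
        "2025/07/shell.php.png": b"\x89PNG\r\n\x1a\n<?php eval($_POST['x']); ?>",
        "2025/07/photo.jpg": b"<?php echo 1; ?>",
        "2025/07/banner.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
        + b"<?php eval(base64_decode($_POST['p'])); ?>",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, reason in scan_uploads(build_sample_tree()):
        print(f"{rel}: {reason}")
```

Run as a script it prints four findings for the constructed tree and nothing for the clean PNG; pointing `scan_uploads` at a real uploads directory from a scheduled job gives the monitoring the recommendations ask for. The marker scan is a heuristic: it catches polyglots that append PHP to a genuine image, but the reliable safety net is the web-server configuration that serves uploads as static files, so that an uploaded .php can never be executed even if every other check is bypassed.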


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-03-11T08:10:12.306Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686796cb6f40f0eb729fa55d

Added to database: 7/4/2025, 8:54:35 AM

Last enriched: 7/14/2025, 9:13:58 PM

Last updated: 7/21/2025, 11:41:45 PM


