The vulnerability identified as CVE-2025-6082 affects the mia4 Birth Chart Compatibility plugin for WordPress, specifically versions up to and including 2.0. The root cause is insufficient access control on the plugin's index.php file, which allows unauthenticated users to directly access it. When accessed, the file triggers an error that discloses the full filesystem path of the web application. This type of information disclosure is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The disclosed full path can aid attackers in crafting more targeted attacks such as local file inclusion, directory traversal, or privilege escalation by revealing the server's directory structure. However, the vulnerability itself does not allow direct compromise of confidentiality, integrity, or availability without the presence of additional vulnerabilities. The CVSS v3.1 base score is 5.3, reflecting a medium severity level due to the network attack vector, no required privileges, and no user interaction needed, but limited impact confined to information disclosure. There are no known exploits in the wild at this time, and no patches have been published yet. The vulnerability was reserved in June 2025 and published in July 2025 by Wordfence.

The primary impact of CVE-2025-6082 is the exposure of the full filesystem path of the WordPress installation to unauthenticated attackers. While this information disclosure does not directly compromise sensitive data or system integrity, it lowers the attacker's effort and increases the likelihood of successful exploitation of other vulnerabilities by providing critical environmental details. For organizations, this can lead to an increased risk of chained attacks such as remote code execution, local file inclusion, or privilege escalation if other plugin or server vulnerabilities exist. The impact is particularly relevant for websites relying on the affected plugin, as attackers can use the disclosed path information to tailor payloads or identify sensitive files. However, since no direct exploit or critical impact is present, the overall risk is moderate. Organizations with high-value WordPress sites or those in regulated industries should consider this vulnerability a potential stepping stone for more severe attacks.

To mitigate CVE-2025-6082, organizations should implement the following specific measures: 1) Restrict direct access to plugin files such as index.php by configuring web server rules (e.g., .htaccess for Apache or location blocks for Nginx) to deny or redirect unauthorized requests. 2) Employ a Web Application Firewall (WAF) with rules to block or alert on requests targeting plugin files that should not be directly accessible. 3) Monitor error logs and web traffic for unusual access patterns or error messages that reveal sensitive information. 4) Regularly update the Birth Chart Compatibility plugin once the vendor releases a patch addressing this vulnerability. 5) Harden WordPress installations by disabling verbose error messages in production environments to prevent leakage of sensitive information. 6) Conduct periodic security assessments and vulnerability scans to detect similar information disclosure issues. 7) Consider isolating or sandboxing plugins with known vulnerabilities until patches are available. These steps go beyond generic advice by focusing on access control, monitoring, and proactive hardening specific to this vulnerability.