CVE-2025-64253 is a path traversal vulnerability identified in the WordPress.org Health Check & Troubleshooting plugin, affecting versions up to and including 1.7.1. The vulnerability arises from improper sanitization of file path inputs, specifically involving the sequence '.../...//', which can be exploited by an authenticated user with high privileges to traverse directories outside the intended scope. This can lead to unauthorized reading of sensitive files on the server, compromising confidentiality. The vulnerability does not allow modification of files (integrity) or disruption of service (availability). Exploitation requires an authenticated user with elevated privileges, such as an administrator, but does not require user interaction beyond that. The CVSS v3.1 score is 4.9 (medium), with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, indicating network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality impact. No public exploits have been reported yet, and no official patches are linked at this time. The plugin is widely used in WordPress environments for troubleshooting and health checks, making this vulnerability relevant to many websites and organizations relying on WordPress for their web presence.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive information stored on web servers running vulnerable versions of the Health Check & Troubleshooting plugin. Confidential data such as configuration files, credentials, or other sensitive documents could be exposed to attackers with administrative access, potentially leading to further compromise or data breaches. While the vulnerability does not allow direct code execution or service disruption, the confidentiality breach can have serious compliance and reputational consequences, especially under GDPR regulations. Organizations with public-facing WordPress sites or internal WordPress deployments that use this plugin are at risk. The requirement for high privilege authentication limits the attack surface to insiders or compromised admin accounts, but this does not eliminate the risk, as credential theft or privilege escalation could enable exploitation. The absence of known exploits in the wild suggests a window of opportunity for defenders to remediate before active attacks occur.

1. Immediately restrict access to the Health Check & Troubleshooting plugin to trusted administrators only, minimizing the number of users with high privileges. 2. Monitor server logs for unusual file access patterns that may indicate attempted path traversal exploitation, focusing on requests containing '.../...//' sequences or anomalous file path requests. 3. Apply principle of least privilege to WordPress admin accounts and enforce strong authentication mechanisms, including multi-factor authentication, to reduce risk of credential compromise. 4. Regularly check for and apply updates or patches from the plugin vendor as soon as they become available to address this vulnerability. 5. Consider temporarily disabling the plugin if it is not essential, until a secure version is released. 6. Conduct internal audits of WordPress installations to identify vulnerable plugin versions and prioritize remediation. 7. Implement web application firewall (WAF) rules to detect and block path traversal attempts targeting this plugin’s endpoints.