CVE-2025-7518: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in rsjoomla RSFirewall!
The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
AI Analysis
Technical Summary
CVE-2025-7518 is a path traversal weakness (CWE-22) in the RSFirewall! plugin for WordPress, affecting all versions up to and including 1.1.42. The flaw sits in the get_local_filename() function, which does not adequately restrict the file path it is handed: a caller can supply traversal sequences such as ../ so that the resulting path resolves outside the directory the function is meant to serve from. An authenticated user with Administrator-level access or above can use this to read any file the web server process is able to open, including wp-config.php (database credentials and authentication keys and salts) and other configuration or key material. Exploitation needs no user interaction and does not affect integrity or availability; it is a read primitive only. The CVSS v3.1 base score is 4.9 (Medium), consistent with a network attack vector, low attack complexity, high privileges required, no user interaction, and high confidentiality impact with no integrity or availability impact. No public exploit had been reported when this entry was written. The page carries no patch reference, so whether a fixed release exists should be checked against the vendor's changelog and the Wordfence advisory rather than assumed either way; it also does not name the HTTP request parameter that reaches get_local_filename().
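To make the CWE-22 pattern concrete, the following added example (not RSFirewall!'s code; the plugin's real get_local_filename() parameters and base directory are not on the page, so ASSUMED_ROOT is a hypothetical placeholder) shows the flawed shape of such a function beside a hardened one. The hardened version decodes the request value exactly once, as PHP's $_GET already does before a plugin sees it, rejects NUL bytes and absolute paths, canonicalises through the filesystem so symlinks are resolved, and only then checks that the result is still under the allowed directory. It also shows why a double-encoded sequence such as %252e%252e is not a traversal after a single decode: it names a literal directory called %2e%2e.

```python
"""Illustrative model of the CWE-22 pattern behind CVE-2025-7518 and of a
containment check that closes it. Added example, not RSFirewall!'s code: the
plugin's real get_local_filename() parameters and base directory are not on
the page, so the root below is a hypothetical placeholder.
"""
import os
import posixpath
from urllib.parse import unquote

# Hypothetical directory the plugin is meant to serve files from (assumption).
ASSUMED_ROOT = "/srv/wp/wp-content/rsfirewall-files"


def vulnerable_local_filename(root, requested):
    """The flawed shape: caller input is appended to a base directory and used as-is.
    One percent-decode models what PHP's $_GET has already done by the time a
    plugin sees the value; '../' sequences then walk straight out of root."""
    return root + "/" + unquote(requested)


def lexical_contains(root, candidate):
    """Lexical containment: collapse '.' and '..' and require candidate to stay under root.
    Cheap and deterministic, but blind to symlinks (see safe_local_filename)."""
    root_n = posixpath.normpath(root)
    cand_n = posixpath.normpath(candidate)
    return cand_n == root_n or cand_n.startswith(root_n.rstrip("/") + "/")


def safe_local_filename(root, requested):
    """Hardened version: decode exactly once, reject NUL bytes and absolute paths,
    canonicalise through the filesystem (resolving symlinks), then verify the
    result is still inside root. Raises ValueError on any escape attempt."""
    decoded = unquote(requested)  # '%2e%2e' -> '..'; '%252e' -> literal '%2e', not '.'
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    if posixpath.isabs(decoded):
        raise ValueError("absolute paths are not accepted")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # realpath resolves symlinks, so a link inside root that points outside is caught too.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("requested path escapes the allowed directory")
    return candidate


def is_contained(root, requested):
    """Boolean wrapper around safe_local_filename for quick checks."""
    try:
        safe_local_filename(root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ("logs/today.log", "../../wp-config.php",
                "%2e%2e/%2e%2e/wp-config.php", "%252e%252e/wp-config.php",
                "/etc/passwd"):
        vuln = posixpath.normpath(vulnerable_local_filename(ASSUMED_ROOT, req))
        print(f"{req!r:32} vulnerable resolves to {vuln}  "
              f"hardened accepts={is_contained(ASSUMED_ROOT, req)}")
```

The lexical check alone is what many quick fixes stop at; it is correct for the inputs shown but cannot see a symlink planted inside the allowed directory, which is why the hardened function canonicalises with realpath before comparing. The PHP equivalent is realpath() on both sides followed by a prefix comparison.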
Potential Impact
The direct impact of CVE-2025-7518 is unauthorized disclosure of files on the affected server. An attacker holding an Administrator account can read any file the PHP process has permission to open: wp-config.php with its database credentials and authentication keys and salts, other application configuration, private keys, or backups and exports left inside the web root. Those secrets enable follow-on attacks such as direct database access, session forgery, lateral movement to hosts that share credentials, or bulk data exfiltration, so although the flaw itself does not touch integrity or availability, its consequences are not limited to confidentiality. Two caveats shape how much this matters in practice. First, on a standard single-site WordPress install an Administrator can normally already install plugins or edit theme files, which gives equivalent or greater file access; the vulnerability adds most for sites that have disabled file modification (DISALLOW_FILE_MODS or DISALLOW_FILE_EDIT in wp-config.php) and for multisite networks, where per-site Administrators cannot install plugins. Second, the high-privilege requirement means the realistic attackers are malicious insiders and compromised or phished Administrator accounts, so the risk scales with how many such accounts exist and how well they are protected.
Mitigation Recommendations
Audit first: list the installed plugins on every WordPress instance (for example with wp plugin list) and flag RSFirewall! at 1.1.42 or earlier, comparing versions numerically rather than as strings. Until an official fix is confirmed and applied, reduce the chance that an Administrator session is available to an attacker: restrict /wp-admin/ and wp-login.php to trusted networks or a VPN, enforce multi-factor authentication for Administrator accounts, and review Administrator role membership, removing or downgrading accounts that do not need it. Limit what a successful read can reach by running PHP under an account that can only read the files it needs, keeping wp-config.php and any key material out of world-readable locations, and not leaving backups or exports inside the web root; a backup schedule on its own does nothing against a read-only flaw. For detection, log requests to the plugin's admin endpoints and alert on traversal sequences (../, ..\, and their URL-encoded and double-encoded forms) in request parameters; a web application firewall rule with the same pattern can block attempts in the interim, with the caveat that this page does not name the HTTP parameter that reaches get_local_filename(), so the rule should cover every parameter value on those endpoints and decode input the same way PHP does. When a fixed release is published, update promptly and re-run the audit to confirm no instance remains on a vulnerable version.
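The audit and detection steps above, as an added example that is not RSFirewall! or Wordfence code. The plugin slug rsfirewall, the admin page and the file parameter in the constructed log lines are placeholders; because the page does not name the HTTP parameter that reaches get_local_filename(), the detector inspects every query-string value rather than one parameter. Version comparison is numeric so that 1.1.9 is correctly treated as older than 1.1.42, and the log scanner decodes once, exactly as PHP does, then separately flags double-encoded sequences that a once-decoding WAF would otherwise miss.

```python
"""Audit and detection helpers for the mitigation steps above: flag vulnerable
RSFirewall! versions from `wp plugin list --format=json` output and pick path
traversal attempts out of web server access logs. Added example, not
RSFirewall! or Wordfence code. The plugin slug, admin page and 'file'
parameter below are assumptions; the page does not name the real parameter.
"""
import json
import re
from urllib.parse import parse_qsl, urlsplit

LAST_VULNERABLE = (1, 1, 42)   # "all versions up to, and including, 1.1.42"
ASSUMED_SLUG = "rsfirewall"    # hypothetical plugin directory name


def parse_version(version):
    """Numeric tuple so 1.1.9 < 1.1.42; comparing as strings gets this backwards."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def is_affected(version):
    return parse_version(version) <= LAST_VULNERABLE


def find_affected(wp_cli_json, slug=ASSUMED_SLUG):
    """Filter `wp plugin list --format=json` output down to vulnerable RSFirewall! entries."""
    return [p for p in json.loads(wp_cli_json)
            if p.get("name") == slug and is_affected(p.get("version", "0"))]


# Constructed sample of `wp plugin list --format=json` output (not real inventory data).
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "rsfirewall", "status": "active", "update": "none", "version": "1.1.42"},
])

# Combined log format: ip ident user [time] "method target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '%25' followed by an encoded '.', '/' or '\' means the client percent-encoded twice.
DOUBLE_ENCODED = re.compile(r"%25(2e|2f|5c)", re.IGNORECASE)


def traversal_reason(target):
    """Explain why a request target looks like path traversal, or return None."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes exactly once, the same view PHP's $_GET gives a plugin,
    # so '..%2F..' and '%2e%2e/' both become a literal '../..' here.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if ".." in value.replace("\\", "/").split("/"):
            return "'..' segment in parameter %r after one decode" % key
    if DOUBLE_ENCODED.search(query):
        return "double-encoded '.', '/' or '\\' in query string (evasion attempt)"
    return None


def scan_access_log(lines):
    """Return one finding per request whose query string carries a traversal attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = traversal_reason(m["target"])
        if reason:
            findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                             "target": m["target"], "reason": reason})
    return findings


# Constructed log lines (not captured traffic); the first request is benign.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2025:09:31:06 +0000] "GET /wp-admin/admin.php?page=rsfirewall&file=logs/today.log HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:09:31:09 +0000] "GET /wp-admin/admin.php?page=rsfirewall&file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Jul/2025:09:32:00 +0000] "GET /wp-admin/admin.php?page=rsfirewall&file=%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1422 "-" "curl/8.0"',
    '192.0.2.9 - - [12/Jul/2025:09:33:00 +0000] "GET /wp-admin/admin.php?page=rsfirewall&file=..%252F..%252Fwp-config.php HTTP/1.1" 404 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for p in find_affected(SAMPLE_PLUGIN_LIST):
        print("vulnerable:", p["name"], p["version"])
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["target"], "->", f["reason"])
```

The 404 on the double-encoded request in the sample is deliberate: it is the shape of a probe that a once-decoding application did not satisfy but that still deserves an alert, because the same client will usually try the single-encoded form next. Feed the scanner real access logs with the same combined format and treat any finding with a 200 response on a plugin endpoint as a confirmed read to investigate.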
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, India, Brazil, Netherlands, Japan, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-11T21:09:28.884Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68722b5aa83201eaacb3aa66
Added to database: 7/12/2025, 9:31:06 AM
Last enriched: 2/26/2026, 4:18:08 PM
Last updated: 3/22/2026, 7:03:16 PM