CVE-2025-8575: CWE-36 Absolute Path Traversal in aurelienlws LWS Cleaner
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
AI Analysis
Technical Summary
CVE-2025-8575 is a high-severity vulnerability affecting the LWS Cleaner plugin for WordPress, developed by aurelienlws. The vulnerability arises from improper validation of file paths in the 'lws_cl_delete_file' function, which allows an authenticated attacker with Administrator-level privileges or higher to perform arbitrary file deletion on the server hosting the WordPress instance. This is classified as an Absolute Path Traversal vulnerability (CWE-36), where the attacker can manipulate file path inputs to delete files outside the intended directory scope. Because the attacker must have administrative access, the attack vector is limited to users who already have elevated privileges within the WordPress environment. However, the impact is severe: by deleting critical files such as 'wp-config.php', the attacker can disrupt the website's configuration and potentially trigger remote code execution (RCE) scenarios, enabling full compromise of the server. The vulnerability affects all versions of the LWS Cleaner plugin up to and including version 2.4.1.3. The CVSS v3.1 base score is 7.2, reflecting high severity with network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, and no patches are currently linked, indicating that mitigation may rely on vendor updates or manual intervention. This vulnerability is particularly dangerous because it leverages legitimate administrative access to escalate damage, bypassing typical external attack barriers. Organizations using the LWS Cleaner plugin should consider this a critical risk to their WordPress infrastructure.
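The path check whose absence the summary describes, as an added example: this is not code from the LWS Cleaner plugin (which is PHP) or from this advisory. It is a Python sketch of the containment test a delete helper needs before removing a file. The function names and the cache/ directory layout are assumptions made for illustration.

```python
import os
import tempfile

def resolve_inside(base_dir, requested):
    """Return the canonical path of `requested` if it is a regular file
    under `base_dir`; raise ValueError otherwise."""
    base = os.path.realpath(base_dir)
    # join() drops `base` when `requested` is absolute (the CWE-36 case);
    # realpath() then collapses ../ segments and follows symlinks.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath() compares whole components, so a sibling such as
    # cache-old/ does not pass for cache/ the way a startswith() test would.
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"outside allowed directory: {requested!r}")
    if not os.path.isfile(target):
        raise ValueError(f"not a regular file: {requested!r}")
    return target

def safe_delete(base_dir, requested):
    os.remove(resolve_inside(base_dir, requested))

def demo():
    """Constructed layout: site/wp-config.php beside site/cache/."""
    root = os.path.realpath(tempfile.mkdtemp())
    cache = os.path.join(root, "cache")
    config = os.path.join(root, "wp-config.php")
    sibling = os.path.join(root, "cache-old", "x.html")
    os.makedirs(cache)
    os.makedirs(os.path.dirname(sibling))
    for path in (config, sibling, os.path.join(cache, "page.html")):
        open(path, "w").close()
    os.symlink(config, os.path.join(cache, "link.html"))
    cases = {"relative": "page.html", "absolute": config, "dotdot": "../wp-config.php",
             "sibling": "../cache-old/x.html", "symlink": "link.html"}
    outcome = {}
    for label, requested in cases.items():
        try:
            safe_delete(cache, requested)
            outcome[label] = "deleted"
        except ValueError:
            outcome[label] = "rejected"
    return outcome, os.path.exists(config)

if __name__ == "__main__":
    print(demo())
```

In PHP the same logic maps to realpath() followed by a component-wise comparison against the canonical base directory.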
Potential Impact
For European organizations, the impact of CVE-2025-8575 can be significant, especially for those relying on WordPress websites with the LWS Cleaner plugin installed. The ability for an attacker with admin credentials to delete arbitrary files can lead to website downtime, data loss, and potential full server compromise through remote code execution. This can disrupt business operations, damage brand reputation, and lead to regulatory compliance issues under GDPR if personal data is exposed or lost. The attack requires administrative access, so insider threats or compromised admin accounts pose the greatest risk. Given the widespread use of WordPress across Europe for corporate, governmental, and e-commerce sites, this vulnerability could be exploited to target critical services or sensitive data. Additionally, the deletion of configuration files or other critical system files can cause prolonged outages and costly recovery efforts. The lack of known public exploits currently provides a window for mitigation, but the high severity score and ease of exploitation by privileged users necessitate immediate attention to prevent potential exploitation.
Mitigation Recommendations
1. Immediate mitigation should include auditing all WordPress installations to identify the presence of the LWS Cleaner plugin and its version.
2. Restrict administrative access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise.
3. Until an official patch is released, consider disabling or uninstalling the LWS Cleaner plugin to eliminate the attack surface.
4. Implement file integrity monitoring on critical files like wp-config.php to detect unauthorized deletions or modifications promptly.
5. Regularly back up WordPress files and databases, ensuring backups are stored securely and tested for restoration to minimize downtime in case of an attack.
6. Monitor server and WordPress logs for unusual file deletion activities or suspicious admin actions.
7. Follow vendor communications closely for patch releases and apply updates immediately upon availability.
8. Employ web application firewalls (WAF) with custom rules to detect and block suspicious path traversal attempts, although this may be limited given the need for admin access.
9. Conduct security awareness training for administrators to recognize phishing or social engineering attempts that could lead to credential compromise.
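One way to carry out steps 1 and 4 across several sites, as an added example that is not part of the original advisory or of the plugin: the script reads the plugin header to find installs at or below 2.4.1.3 and records a SHA-256 baseline for wp-config.php. The directory name `lws-cleaner`, the helper names and the sample trees are assumptions; the sample sites are constructed.

```python
import hashlib, os, re, tempfile

LAST_VULNERABLE = (2, 4, 1, 3)  # advisory: all versions up to and including 2.4.1.3
PLUGIN_SLUG = "lws-cleaner"     # assumption: plugin directory name, adjust if yours differs

def plugin_version(plugin_dir):
    """Return the Version field from the plugin header, or None."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, name), errors="replace") as fh:
            head = fh.read(8192)  # the header sits at the top of the main plugin file
        match = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", head, re.M | re.I)
        if "Plugin Name:" in head and match:
            return match.group(1).strip(".")
    return None

def audit_site(wp_root):
    """Steps 1 and 4: flag a vulnerable install and baseline wp-config.php."""
    plugin_dir = os.path.join(wp_root, "wp-content", "plugins", PLUGIN_SLUG)
    version = plugin_version(plugin_dir) if os.path.isdir(plugin_dir) else None
    vulnerable = (version is not None and
                  tuple(int(p) for p in version.split(".") if p) <= LAST_VULNERABLE)
    config, digest = os.path.join(wp_root, "wp-config.php"), None
    if os.path.isfile(config):
        with open(config, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    # digest None means wp-config.php is missing: the condition the advisory warns about
    return {"version": version, "vulnerable": vulnerable, "wp_config_sha256": digest}

def make_site(root, version=None, with_config=True):
    """Build a constructed WordPress-like tree for the demo."""
    os.makedirs(os.path.join(root, "wp-content", "plugins"))
    if version:
        pdir = os.path.join(root, "wp-content", "plugins", PLUGIN_SLUG)
        os.makedirs(pdir)
        with open(os.path.join(pdir, "plugin-main.php"), "w") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: LWS Cleaner\n * Version: {version}\n */\n")
    if with_config:
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php // constructed sample\n")
    return root

if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    # constructed versions; 9.9.9 is a placeholder, not a statement about a fixed release
    for name, ver, cfg in (("a", "2.4.1.3", True), ("b", "9.9.9", True), ("c", None, False)):
        print(name, audit_site(make_site(os.path.join(tmp, name), ver, cfg)))
```

Store the recorded digests off the web server and compare them on a schedule; a digest that changes or becomes None is the event to alert on.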
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-08-05T00:23:10.299Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c3afb5dee0ac6b6335ef2c
Added to database: 9/12/2025, 5:29:25 AM
Last enriched: 9/12/2025, 5:29:43 AM
Last updated: 9/12/2025, 11:17:53 PM