CVE-2025-8575 is a high-severity vulnerability affecting the LWS Cleaner plugin for WordPress, developed by aurelienlws. The vulnerability is classified as CWE-36, an Absolute Path Traversal flaw, and exists in the 'lws_cl_delete_file' function across all versions up to and including 2.4.1.3. This flaw arises due to insufficient validation of file paths before deletion operations are performed. An authenticated attacker with Administrator-level privileges or higher can exploit this vulnerability to delete arbitrary files on the server hosting the WordPress instance. The attack vector does not require user interaction but does require high privileges, which means the attacker must already have administrative access to the WordPress backend. By deleting critical files such as 'wp-config.php', the attacker can disrupt the integrity and availability of the WordPress site and potentially achieve remote code execution by manipulating the environment or forcing the site into a vulnerable state. The CVSS v3.1 score of 7.2 reflects the high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the widespread use of WordPress and the critical nature of the files that can be targeted. The lack of patch links indicates that a fix may not yet be publicly available, emphasizing the need for immediate mitigation and monitoring.

For European organizations relying on WordPress for their web presence, this vulnerability can have severe consequences. Exploitation can lead to the deletion of essential configuration files, causing website downtime, data loss, and potential exposure of sensitive information. The ability to achieve remote code execution following file deletion elevates the threat to critical infrastructure, enabling attackers to implant backdoors, deface websites, or pivot to internal networks. This can disrupt business operations, damage reputation, and lead to regulatory non-compliance, especially under GDPR where data integrity and availability are paramount. Organizations in sectors such as finance, healthcare, government, and e-commerce, which often use WordPress for public-facing portals, are particularly at risk. The requirement for administrator-level access means that insider threats or compromised admin credentials are key risk factors. Given the interconnected nature of European digital infrastructure, a successful attack could also have cascading effects on supply chains and service providers.

To mitigate this vulnerability, European organizations should first verify if they use the LWS Cleaner plugin and identify the version in use. Immediate steps include: 1) Restricting administrative access to trusted personnel and enforcing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. 2) Implementing strict file system permissions on the server to limit the plugin's ability to delete critical files outside its intended scope. 3) Monitoring and auditing administrative actions within WordPress to detect suspicious file deletion attempts promptly. 4) Employing web application firewalls (WAFs) with custom rules to detect and block exploitation attempts targeting the vulnerable function. 5) Regularly backing up WordPress files and databases to enable rapid restoration in case of file deletion or site compromise. 6) Staying alert for official patches or updates from the plugin vendor and applying them promptly once available. 7) Considering temporary deactivation or removal of the LWS Cleaner plugin until a secure version is released. 8) Conducting internal security assessments to identify any signs of exploitation or unauthorized file deletions.