{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12721", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-04T21:24:44.906Z", "datePublished": "2025-12-06T05:49:23.998Z", "dateUpdated": "2026-04-08T16:44:43.022Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:43.022Z"}, "affected": [{"vendor": "garidium", "product": "g-FFL Cockpit", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server."}], "title": "g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd8c981-081c-4671-ad1e-3caf004669dd?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/g-ffl-cockpit/trunk/includes/class-sync-endpoint.php#L1385"}, {"url": "https://github.com/d0n601/CVE-2025-12721"}, {"url": "https://ryankozak.com/posts/cve-2025-12721/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3413768/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "timeline": [{"time": "2025-12-05T17:38:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-08T20:58:06.270611Z", "id": "CVE-2025-12721", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-08T20:58:16.741Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12721", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-08T20:58:06.270611Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-08T20:58:12.425Z"}}], "cna": {"title": "g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "garidium", "product": "g-FFL Cockpit", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-05T17:38:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd8c981-081c-4671-ad1e-3caf004669dd?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/g-ffl-cockpit/trunk/includes/class-sync-endpoint.php#L1385"}, {"url": "https://github.com/d0n601/CVE-2025-12721"}, {"url": "https://ryankozak.com/posts/cve-2025-12721/"}], "descriptions": [{"lang": "en", "value": "The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-06T05:49:23.998Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12721", "state": "PUBLISHED", "dateUpdated": "2025-12-08T20:58:16.741Z", "dateReserved": "2025-11-04T21:24:44.906Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-06T05:49:23.998Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server."}], "id": "CVE-2025-12721", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-06T06:15:50.900", "references": [{"source": "security@wordfence.com", "url": "https://github.com/d0n601/CVE-2025-12721"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/g-ffl-cockpit/trunk/includes/class-sync-endpoint.php#L1385"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3413768/"}, {"source": "security@wordfence.com", "url": "https://ryankozak.com/posts/cve-2025-12721/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd8c981-081c-4671-ad1e-3caf004669dd?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:42:54.253914+00:00", "value": {"mitigation_remediation": ["Update the g-FFL Cockpit plugin to the newest release from garidium", "If no update is available, restrict access to the /server_status endpoint by implementing authentication checks or disabling the endpoint via the plugin\u2019s configuration or a server\u2011level firewall rule.", "Monitor incoming traffic to the /server_status endpoint for unexpected or unauthenticated requests and log such activity for further investigation."], "summary": {"action": "Assess Impact", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the g\u2011FFL Cockpit plugin from garidium, affecting all installed releases up to and including version 1.7.1. The plugin is distributed as a WordPress plugin and relies on the WordPress REST API.", "description_and_impact": "The g-FFL Cockpit plugin for WordPress allows unauthenticated callers to access the /server_status REST API endpoint without performing any capability checks. This omission leads to a Sensitive Information Exposure flaw, enabling attackers to obtain server\u2011level details such as operating system, PHP configuration, and possibly file paths. The weakness is identified as CWE\u2011862, a missing authorization issue, and results in confidentiality loss rather than code execution or denial of service.", "risk_and_exploitability": "The CVSS score of 5.3 classifies the flaw as medium severity. With an EPSS score of less than 1\u202f% and no listing in CISA KEV, the likelihood of real\u2011world exploitation is low, yet the impact on confidentiality can be significant if the server details are leveraged for further attacks. Attackers likely exploit the flaw by sending unauthenticated HTTP requests to the /server_status endpoint, requiring no special privileges or user interaction."}}}}, "created": "2025-12-08T09:39:35.692248+00:00", "updated": "2026-04-27T22:45:15.490519+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}