{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4370", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-05T19:49:56.278Z", "datePublished": "2025-07-29T04:23:46.517Z", "dateUpdated": "2026-04-08T17:27:30.972Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:30.972Z"}, "affected": [{"vendor": "themefusecom", "product": "Brizy \u2013 Page Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.6.20", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server."}], "title": "Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/static-file-trait.php#L44"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/media-processor.php#L27"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-04-28T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-07-28T16:22:11.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T14:02:47.577800Z", "id": "CVE-2025-4370", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:03:02.036Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-29T14:02:47.577800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:02:58.850Z"}}], "cna": {"title": "Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themefusecom", "product": "Brizy \u2013 Page Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.6.20"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-28T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-07-28T16:22:11.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/static-file-trait.php#L44"}, {"url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/media-processor.php#L27"}], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:30.972Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4370", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:30.972Z", "dateReserved": "2025-05-05T19:49:56.278Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-29T04:23:46.517Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brizy:brizy:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "EEC4D1D4-091C-4212-BD56-916B4FA5DCC6", "versionEndExcluding": "2.6.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server."}, {"lang": "es", "value": "El complemento Brizy \u2013 Page Builder para WordPress es vulnerable a la carga limitada de archivos debido a la falta de autorizaci\u00f3n en la funci\u00f3n process_external_asset_urls, as\u00ed como a la falta de validaci\u00f3n de ruta en la funci\u00f3n store_file en todas las versiones hasta la 2.6.20 incluida. Esto permite que atacantes no autenticados carguen archivos .TXT en el servidor del sitio afectado."}], "id": "CVE-2025-4370", "lastModified": "2025-08-11T19:04:09.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-07-29T05:15:31.213", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/media-processor.php#L27"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/brizy/tags/2.6.17/editor/asset/static-file-trait.php#L44"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:05:23.258791+00:00", "value": {"mitigation_remediation": ["Upgrade the Brizy plugin to a version that includes the fix for this vulnerability (e.g., 2.6.21 or later).", "If an immediate upgrade is not possible, block the upload of .TXT files or the vulnerable endpoints by adjusting WordPress media settings or using a security plugin to deny access to the affected functions.", "As a temporary safeguard, deactivate the Brizy plugin until the patch is applied to prevent unauthenticated file uploads."], "summary": {"action": "Patch", "impact": "Unauthenticated File Upload"}, "threat_synthesis": {"affected_systems": "All installations of the themefusecom Brizy \u2013 Page Builder plugin for WordPress up to and including version 2.6.20 are affected. The vulnerability is present in the free WordPress edition. The plugin versions listed in the known references indicate the flaw exists in tags 2.6.17 and earlier.", "description_and_impact": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to a limited file upload flaw caused by missing authorization checks in the process_external_asset_urls function and insufficient path validation in the store_file function. The issue allows an unauthenticated user to upload .TXT files to the application\u2019s file system, giving the attacker the ability to place arbitrary content on the server. The upload limitation is specific to .TXT files, but the presence of user-supplied files could be leveraged by an attacker to craft subsequent attacks that rely on the existence of that content, potentially affecting confidentiality and data integrity. This flaw represents a moderate risk to the affected WordPress site, as it permits the attacker to add files without authentication but does not grant immediate code execution.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a medium severity. The EPSS score of <1% suggests a very low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a web application request to the vulnerable upload endpoints, which does not require authentication. An attacker can exploit the flaw by sending a crafted HTTP request that triggers the asset processing functions, resulting in a .TXT file being stored on the server."}}}}, "created": "2025-07-29T10:00:57.151885+00:00", "updated": "2026-04-20T22:15:06.186462+00:00", "vendors": ["brizy", "brizy$PRODUCT$brizy", "brizy$PRODUCT$brizy-page_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}