{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9217", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-19T22:39:42.607Z", "datePublished": "2025-08-29T10:54:02.642Z", "dateUpdated": "2026-04-08T17:30:59.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:59.698Z"}, "affected": [{"vendor": "Revolution Slider", "product": "Slider Revolution", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.7.36", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea49df40-e58f-4e20-8e48-ed0f9a1b94ca?source=cve"}, {"url": "https://www.sliderrevolution.com/documentation/changelog/#6-7-37"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2025-08-19T23:07:09.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-28T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-29T11:45:38.908323Z", "id": "CVE-2025-9217", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-29T11:45:43.478Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9217", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-29T11:45:38.908323Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-29T11:45:40.823Z"}}], "cna": {"title": "Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "Revolution Slider", "product": "Slider Revolution", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.7.36"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-19T23:07:09.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-28T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea49df40-e58f-4e20-8e48-ed0f9a1b94ca?source=cve"}, {"url": "https://www.sliderrevolution.com/documentation/changelog/#6-7-37"}], "descriptions": [{"lang": "en", "value": "The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:59.698Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9217", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:30:59.698Z", "dateReserved": "2025-08-19T22:39:42.607Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-29T10:54:02.642Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "id": "CVE-2025-9217", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-29T11:15:31.647", "references": [{"source": "security@wordfence.com", "url": "https://www.sliderrevolution.com/documentation/changelog/#6-7-37"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea49df40-e58f-4e20-8e48-ed0f9a1b94ca?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:45:09.213892+00:00", "value": {"mitigation_remediation": ["Upgrade Slider Revolution to version 6.7.37 or later.", "If an upgrade is not possible, remove or disable the 'used_svg' and 'used_images' options in the plugin settings to eliminate the remote input pathway.", "Ensure that Contributor and higher roles are strictly needed and monitor account activity for unauthorized file access attempts."], "summary": {"action": "Apply patch", "impact": "Arbitrary file read via path traversal"}, "threat_synthesis": {"affected_systems": "Revolution Slider: Slider Revolution WordPress plugin, all releases up to and including version 6.7.36.", "description_and_impact": "The vulnerability is a path traversal flaw in the Slider Revolution WordPress plugin that is triggered by the 'used_svg' and 'used_images' parameters. It enables an authenticated user with Contributor-level access or higher to read the contents of arbitrary files on the server, potentially exposing sensitive data.", "risk_and_exploitability": "The flaw carries a CVSS score of 6.5, indicating moderate severity, and an EPSS score of less than 1% showing a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalogue. Exploitation requires legitimate Contributor access, after which an attacker can supply crafted input to retrieve any file path on the server."}}}}, "created": "2026-04-20T19:45:15.515506+00:00", "updated": "2026-04-20T19:45:15.515523+00:00", "vendors": []}