CVE-2025-12041 in ERI File Library Plugin

Summary

by MITRE • 10/31/2025

The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user roles.


Analysis

by VulDB Data Team • 10/31/2025

The vulnerability identified as CVE-2025-12041 affects the ERI File Library plugin for WordPress, representing a critical authorization flaw that undermines the security posture of affected systems. This issue stems from a missing capability check within the plugin's AJAX handling mechanism, specifically targeting the 'erifl_file' action which governs file access operations. The vulnerability exists across all versions of the plugin up to and including version 1.1.0, making it a widespread concern for WordPress administrators who have deployed this particular plugin. The flaw allows unauthenticated attackers to exploit the system's file access controls, bypassing the intended role-based restrictions that should prevent unauthorized users from accessing restricted files.

The technical implementation of this vulnerability resides in the plugin's AJAX endpoint handling where the 'erifl_file' action fails to verify whether the requesting user possesses the necessary permissions to access the requested file. This missing validation creates a path for attackers to directly call the AJAX endpoint with malicious parameters, effectively circumventing WordPress's built-in capability management system. The flaw operates at the application logic level, where proper access control checks are absent, allowing any user regardless of authentication status to request files that should only be accessible to users with specific roles. This represents a classic authorization bypass vulnerability that aligns with CWE-285, which describes improper authorization scenarios in software systems.

The operational impact of this vulnerability extends beyond simple data exposure, as it enables attackers to systematically enumerate and download files that are restricted to specific user roles within the WordPress environment. This unauthorized access capability can lead to the compromise of sensitive information including but not limited to user credentials, private documents, configuration files, and other restricted content that should remain protected. The vulnerability particularly affects organizations that rely on role-based access controls for their file management systems, as it completely undermines the security model that these roles are designed to enforce. Attackers can leverage this vulnerability to gain insights into the organization's internal structure, potentially identifying additional attack vectors or sensitive data repositories.

Mitigating this vulnerability requires immediate action from WordPress administrators, including upgrading the ERI File Library plugin to a version that addresses the missing capability check. The recommended approach involves implementing proper access control validation within the AJAX endpoint to ensure that only authenticated users with appropriate capabilities can access restricted files. Security practitioners should also consider implementing network-level controls such as firewall rules that restrict access to AJAX endpoints, though this represents a less robust solution compared to proper code-level fixes. Additionally, organizations should conduct comprehensive audits of their WordPress plugin ecosystem to identify similar authorization flaws that may exist in other third-party components. The vulnerability demonstrates the critical importance of implementing proper capability checks in web applications, particularly in AJAX endpoints where traditional session management may not be sufficient to prevent unauthorized access. This issue aligns with ATT&CK technique T1213.002, which covers data from information repositories, and highlights the need for robust access control mechanisms in content management systems.
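The code-level check described above, as an added example (not the ERI File Library plugin's code and not the vendor's patch): a WordPress AJAX handler for the 'erifl_file' action that verifies the requester's role before serving a file. The demo_* function names, the 'file_id' parameter and the '_demo_allowed_roles' meta key are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's code or its patch.
// Assumed names: demo_*, the 'file_id' parameter, '_demo_allowed_roles' meta.

add_action( 'wp_ajax_erifl_file', 'demo_serve_file' );
// The nopriv hook makes the action reachable by logged-out visitors, so the
// handler must enforce the role restriction itself.
add_action( 'wp_ajax_nopriv_erifl_file', 'demo_serve_file' );

// True only if the file is unrestricted or the current user holds an allowed role.
function demo_user_may_download( $file_id ) {
    $allowed = get_post_meta( $file_id, '_demo_allowed_roles', true );
    if ( empty( $allowed ) ) {
        return true; // Assumption: no role list means the file is public.
    }
    if ( ! is_user_logged_in() ) {
        return false; // Restricted file, anonymous request.
    }
    $roles = (array) wp_get_current_user()->roles;
    return (bool) array_intersect( $roles, (array) $allowed );
}

// One response for "missing" and "not permitted", so the endpoint does not
// reveal which file IDs exist behind a role restriction.
function demo_deny() {
    wp_send_json_error( array( 'message' => 'File not available' ), 404 );
}

function demo_serve_file() {
    $file_id = isset( $_REQUEST['file_id'] ) ? absint( $_REQUEST['file_id'] ) : 0;
    if ( ! $file_id || 'attachment' !== get_post_type( $file_id ) ) {
        demo_deny();
    }
    // The authorization check runs before any file data is read.
    if ( ! demo_user_may_download( $file_id ) ) {
        demo_deny();
    }
    $path = get_attached_file( $file_id );
    if ( ! $path || ! is_readable( $path ) ) {
        demo_deny();
    }
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . sanitize_file_name( basename( $path ) ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}
```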
