What is the CVSS score of CVE-2025-50002?

CVE-2025-50002 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Farost Energia are affected by CVE-2025-50002?

Farost Energia versions 1.1.2 and earlier contain a critical vulnerability allowing attackers to upload and execute malicious files on affected web servers, potentially leading to complete system…

How to fix or mitigate CVE-2025-50002?

Within 24 hours: Inventory all Farost Energia deployments and assess internet exposure; implement network segmentation to restrict access to affected systems. Within 7 days: Deploy compensating controls including WAF rules to block file uploads and disable upload functionality if operationally feasible; monitor logs for suspicious upload activity. Within 30 days: Contact Farost Energia for patch availability and timeline; evaluate alternative solutions or plan migration if patch is unavailable; conduct forensic analysis for signs of compromise.

Farost Energia CVE-2025-50002

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-01-22 audit@patchstack.com

File Upload

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 23, 2026 - 15:43 vuln.today

cvss_changed

CVSS changed

Apr 23, 2026 - 15:43 NVD

9.8 (CRITICAL) 10.0 (CRITICAL)

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 17:15 nvd

CRITICAL 9.8

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2.

AnalysisAI

Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.

Technical ContextAI

The Energia plugin by Farost has a CWE-434 unrestricted upload vulnerability that accepts files of any type without validation, allowing attackers to upload executable PHP files.

Affected ProductsAI

Farost Energia WordPress plugin

RemediationAI

Remove or update the plugin. Implement file type whitelist validation.

CVE-2025-50002 vulnerability details – vuln.today

Back

Farost Energia CVE-2025-50002

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code