How to fix CVE-2025-5526?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Buddypress Docs affected by CVE-2025-5526?

Organizations using BuddyPress Docs WordPress should be aware of moderate risk from CVE-2025-5526 rated CVSS 4.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

CVE-2025-5526

EUVD-2025-19252 MEDIUM

2025-06-27 [email protected]

WordPress Information Disclosure Buddypress Docs PHP

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

patch_available

Apr 16, 2026 - 05:29 EUVD

2.2.5

Analysis Generated

Mar 16, 2026 - 00:16 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 00:16 euvd

EUVD-2025-19252

PoC Detected

Jul 03, 2025 - 16:56 vuln.today

Public exploit code

CVE Published

Jun 27, 2025 - 06:15 nvd

MEDIUM 4.3

DescriptionNVD

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user

AnalysisAI

A security vulnerability in BuddyPress Docs WordPress (CVSS 4.3) that allows a logged. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects BuddyPress Docs WordPress.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-5526 vulnerability details – vuln.today

Back

CVE-2025-5526

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code