CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description (NVD)
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ergonet Cache: from n/a through <= 1.0.13.
Analysis (AI)
Ergonet Cache plugin versions up to 1.0.13 allow authenticated users to bypass access control checks and modify data they are not authorized to change, because the plugin does not validate authorization before acting. The vulnerability requires user authentication (PR:L) and has low real-world risk per EPSS (0.04%), but it can lead to unauthorized content modification in affected WordPress installations.
Technical Context (AI)
The vulnerability stems from CWE-862 (Missing Authorization): a failure to verify whether an authenticated user has permission to perform a specific action. In the context of ergonet-varnish-cache (a WordPress caching plugin), this likely manifests in administrative or configuration endpoints that confirm the request comes from a logged-in user but never check the role-based or capability-level permissions required to modify cache settings, policies, or other sensitive configuration. Because the plugin runs inside WordPress, this misconfigured access control lets authenticated users with insufficient privileges perform actions reserved for higher-privileged roles (e.g., administrators).
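The pattern described above, as an added illustration that is not code from ergonet-varnish-cache or any other real plugin: a WordPress AJAX handler that saves a cache setting. The hook, function, option and nonce names are invented for this example. The first handler shows the CWE-862 shape (authentication and a CSRF nonce, but no authorization); the second adds the capability check that closes the gap.

```php
<?php
/*
 * Hypothetical cache-settings AJAX handlers illustrating CWE-862 in a
 * WordPress plugin. Not the Ergonet Cache plugin's code; every name
 * below (hooks, functions, options, nonce action) is invented.
 */

// Vulnerable pattern: wp_ajax_* hooks fire for every logged-in account,
// so "authenticated" here means any role, including Subscriber. The only
// guard is a CSRF nonce, which proves the request came from a page the
// user loaded, not that the user is allowed to change site settings.
add_action( 'wp_ajax_example_cache_save_settings_vulnerable', 'example_cache_save_settings_vulnerable' );
function example_cache_save_settings_vulnerable() {
    check_ajax_referer( 'example_cache_settings', 'nonce' );

    $purge_url = isset( $_POST['purge_url'] )
        ? esc_url_raw( wp_unslash( $_POST['purge_url'] ) )
        : '';
    // Missing authorization: any authenticated user reaches this write.
    update_option( 'example_cache_purge_url', $purge_url );
    wp_send_json_success( array( 'saved' => true ) );
}

// Hardened pattern: authentication (implicit in wp_ajax_*), then the
// anti-CSRF nonce, then an explicit capability check before any state
// changes. manage_options is the capability WordPress grants to
// administrators for site-wide settings.
add_action( 'wp_ajax_example_cache_save_settings', 'example_cache_save_settings' );
function example_cache_save_settings() {
    check_ajax_referer( 'example_cache_settings', 'nonce' );

    // Authorization: reject callers who may not manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $purge_url = isset( $_POST['purge_url'] )
        ? esc_url_raw( wp_unslash( $_POST['purge_url'] ) )
        : '';
    update_option( 'example_cache_purge_url', $purge_url );
    wp_send_json_success( array( 'saved' => true ) );
}
```

The distinction the example makes is the one auditors look for when reviewing a plugin for this CWE: `check_ajax_referer()` (or `wp_verify_nonce()`) answers "is this request forged?", while `current_user_can()` answers "may this user do this?". A handler that has the first without the second is authenticated but not authorized, which is exactly the condition CWE-862 names. The same check belongs in REST route `permission_callback` functions and in any `admin_post_*` handler that writes configuration.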
Affected Products (AI)
The Ergonet Cache plugin (ergonet-varnish-cache) for WordPress is affected from an unspecified earliest release through version 1.0.13 inclusive. The CPE context indicates this is a WordPress plugin tracked in the Patchstack database. Any WordPress site running ergonet-varnish-cache at or below version 1.0.13 should be considered affected.
Remediation (AI)
Upgrade the Ergonet Cache plugin to a version newer than 1.0.13 as soon as possible. Check the official plugin repository or the vendor advisory at https://patchstack.com/database/Wordpress/Plugin/ergonet-varnish-cache/vulnerability/wordpress-ergonet-cache-plugin-1-0-11-broken-access-control-vulnerability for the latest patched release and installation instructions. As an interim mitigation, restrict WordPress user account creation and audit existing accounts to remove unnecessary privileges; this reduces the pool of authenticated users who could reach the affected endpoints but does not remediate the authorization bypass itself, so treat it only as a temporary measure until the patch is deployed.