What is the CVSS score of CVE-2025-68549?

CVE-2025-68549 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2025-68549?

A critical vulnerability in zozothemes Wiguard allows attackers to upload malicious files without restrictions, potentially leading to complete system compromise, data theft, and service disruption.

How to fix or mitigate CVE-2025-68549?

Within 24 hours: Identify all instances of Wiguard in use across your environment and isolate affected systems from production traffic if possible. Within 7 days: Implement compensating controls (see below), document all Wiguard deployments, and establish monitoring for suspicious file uploads. Within 30 days: Evaluate alternative file management solutions, plan migration away from Wiguard, and maintain heightened security monitoring until vendor patch is released or product is decommissioned.

PHP CVE-2025-68549

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-02-20 audit@patchstack.com

PHP WordPress RCE Remote Code Execution

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

CVE Published

Feb 20, 2026 - 16:22 nvd

CRITICAL 9.9

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.