Main Vulnerability Database Exploits ID:11473 - Exploit for External Control of File Name or Path in WP Event Solution - CVE-2025-3419

ID:11473 - Exploit for External Control of File Name or Path in WP Event Solution - CVE-2025-3419

Published: June 6, 2025

Vulnerability identifier: #VU109995

Vulnerability risk: High

CVE-ID: CVE-2025-3419

CWE-ID: CWE-73

Exploitation vector: Remote access

Vulnerable software:
WP Event Solution

Link to public exploit:

https://github.com/Yucaerin/CVE-2025-3419

Vulnerability description

The vulnerability allows a remote attacker to read arbitrary files.

The vulnerability exists due to application allows an attacker to control path of the files to read within the proxy_image() function. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:11473 - Exploit for External Control of File Name or Path in WP Event Solution - CVE-2025-3419

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human