← voltar
CVE-2025-12721

g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure

CVSS 5.3 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
garidium · g-FFL Cockpit