CVE-2025-2257
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-2257
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2257.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-2257
- Published
- 2025-03-26T09:15:16Z
- Modified
- 2025-05-23T03:03:53.006902Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compressionlevel setting. This is due to the plugin using the compressionlevel setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.
- References
-
- https://github.com/BoldGrid/boldgrid-backup/pull/622/files
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9
- https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve
Affected packages
Git / github.com/boldgrid/boldgrid-backup
Affected ranges
- Type
- GIT
- Repo
- https://github.com/boldgrid/boldgrid-backup
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0
1.0.1
1.0.2
1.10.0
1.10.0-alpha.1
1.10.0-rc.1
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.11.0
1.11.0-rc.1
1.11.0-rc.2
1.11.0-rc.3
1.11.1
1.11.2
1.11.3
1.11.4
1.11.4-rc.1
1.11.5
1.11.6
1.11.7
1.11.8
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.14.0
1.14.1
1.14.10
1.14.11
1.14.12
1.14.13
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.14.7
1.14.8
1.14.9
1.15.0
1.15.1
1.15.10
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.15.7
1.15.8
1.15.9
1.16.0
1.16.0-rc.1
1.16.1
1.16.10
1.16.3
1.16.4
1.16.5
1.16.6
1.16.8
1.16.9
1.2
1.2.1
1.2.2
1.2.3
1.3
1.3.1
1.3.10
1.3.11
1.3.12
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.5
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0-alpha.1
1.6.0-alpha.2
1.6.0-alpha.3
1.6.0-rc.1
1.6.0-rc.2
1.6.0-rc.3
1.6.0-rc.4
1.6.0-rc.5
1.6.0-rc.6
1.6.0-rc.7
1.6.1
1.6.1-rc.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.0-alpha.1
1.7.0-rc.1
1.7.1
1.7.2
1.7.3-rc.1
1.8.0
1.9.0
1.9.0-rc.2
1.9.1
1.9.2
1.9.3