CVE-2025-25163

HIGH

Zach Swetz Plugin A/B Image Optimizer <3.3 - Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer images-optimizer allows Path Traversal.This issue affects Plugin A/B Image Optimizer: from n/a through <= 3.3.

Exploits (2)

nomisec SCANNER 1 stars
by RootHarpy · poc
https://github.com/RootHarpy/CVE-2025-25163-Nuclei-Template
nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2025-25163

References (2)

Scores

CVSS v3 7.5
EPSS 0.2636
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
pluginab/plugin_a\/b_image_optimizer < 3.3
Zach Swetz/Plugin A/B Image Optimizer < 3.3
Published Feb 07, 2025
Tracked Since Feb 18, 2026