CVE-2025-3604

CRITICAL

Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Email Update

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-3604. PoCs published by Nxploited, Boshe99.

AI-analyzed exploit summary

This is a functional exploit for CVE-2025-3604, targeting the Flynax Bridge WordPress plugin (versions <= 2.2.0). It allows unauthenticated attackers to change the email of any user, including administrators, by sending a crafted POST request to the vulnerable endpoint.

Description

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity (missing authorization, CWE-862) prior to updating their details such as the email address. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including those of administrators, and then leverage the standard lost-password flow, which mails a reset link to the new address, to set a new password and gain access to the account.
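The pattern the description above refers to, shown as an added PHP example written for this page: it is not Flynax Bridge's code, and the AJAX action name `example_update_profile`, the `user_id` and `email` request parameters, and the function names are hypothetical. It puts the vulnerable handler (reachable by logged-out visitors, no ownership check) beside a hardened form, and adds a `profile_update` hook that logs email changes on privileged accounts, which is the kind of check a site owner wants while confirming an upgrade past 2.2.0. It relies on WordPress core functions only and runs as an mu-plugin.

```php
<?php
/**
 * Added illustration of the CWE-862 pattern behind CVE-2025-3604.
 * NOT Flynax Bridge's code: action names, parameter names and function
 * names are hypothetical. Place in wp-content/mu-plugins/ to load it.
 */

/* ---- Vulnerable pattern --------------------------------------------------
 * wp_ajax_nopriv_* handlers run for unauthenticated visitors. This one updates
 * whichever account the request names: no login, no nonce, no ownership check.
 */
add_action( 'wp_ajax_nopriv_example_update_profile', 'example_update_profile_vulnerable' );
function example_update_profile_vulnerable() {
    $user_id = (int) ( $_POST['user_id'] ?? 0 );    // attacker-controlled, e.g. 1
    $email   = (string) ( $_POST['email'] ?? '' );  // attacker-controlled
    $result  = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message() );
    }
    // The admin's address now belongs to the attacker; a "lost password"
    // request from wp-login.php completes the takeover.
    wp_send_json_success();
}

/* ---- Hardened form ------------------------------------------------------- */
// wp_ajax_* (without nopriv) is only dispatched for logged-in users.
add_action( 'wp_ajax_example_update_profile', 'example_update_profile_hardened' );
function example_update_profile_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_update_profile', '_ajax_nonce' );

    $user_id = (int) ( $_POST['user_id'] ?? 0 );
    if ( $user_id <= 0 ) {
        wp_send_json_error( 'invalid user', 400 );
    }

    // 2. Authorization, the check CWE-862 is about: the caller may change only
    //    their own account or one WordPress says they may edit (administrators).
    if ( $user_id !== get_current_user_id() && ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: well-formed address, not already taken by another user.
    $email = sanitize_email( wp_unslash( (string) ( $_POST['email'] ?? '' ) ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'invalid email', 400 );
    }
    $owner = email_exists( $email ); // user ID or false
    if ( $owner && (int) $owner !== $user_id ) {
        wp_send_json_error( 'email in use', 409 );
    }

    $result = wp_update_user( array( 'ID' => $user_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success();
}

/* ---- Detection: log email changes on privileged accounts ----------------- */
// profile_update fires after every successful wp_update_user(); the second
// argument is the WP_User object as it was before the update.
add_action( 'profile_update', 'example_log_privileged_email_change', 10, 2 );
function example_log_privileged_email_change( $user_id, $old_user_data ) {
    $new = get_userdata( $user_id );
    if ( ! $new || ! $old_user_data || $new->user_email === $old_user_data->user_email ) {
        return; // not an email change
    }
    if ( user_can( $user_id, 'manage_options' ) ) {
        error_log( sprintf(
            'ALERT: email of privileged user %d changed %s -> %s (actor user %d, ip %s)',
            $user_id,
            $old_user_data->user_email,
            $new->user_email,
            get_current_user_id(),   // 0 when the change came from an unauthenticated request
            $_SERVER['REMOTE_ADDR'] ?? 'unknown'
        ) );
    }
}
```

The logging hook is the useful part for responders: an email change on an administrator account recorded with actor user 0 is exactly the signature an unauthenticated exploitation of this flaw would leave, and the hook fires regardless of which plugin performed the update.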

Exploits (2)

nomisec · WORKING POC · 1 star
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-3604

This is a functional exploit for CVE-2025-3604, targeting the Flynax Bridge WordPress plugin (versions <= 2.2.0). It allows unauthenticated attackers to change the email of any user, including administrators, by sending a crafted POST request to the vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: WordPress Flynax Bridge plugin <= 2.2.0
No auth needed
Prerequisites: Target must have the Flynax Bridge plugin installed and version <= 2.2.0 · User ID of the target account (typically 1 for admin)
devstral-2 · analyzed Feb 16, 2026
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-3604

The repository contains functional exploit code for CVE-2025-3604, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

Caveat: this analysis does not match the CVE it is filed under. CVE-2025-3604 is a missing-authorization email-update flaw (CWE-862) in Flynax Bridge, not a file upload in 3DPrint Lite, so the target, the "Rce" attack type and the prerequisites below describe a different vulnerability. Treat this entry as unverified until the repository contents have been checked against the CVE description.

Classification
Working Poc 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: target URL · path to a file to upload
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.8
EPSS 0.0058
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-862 (Missing Authorization)
Status published
Products (2)
flynax/flynax_bridge < 2.2.0
v1rustyle/Flynax Bridge < 2.2.0
Published Apr 24, 2025
Tracked Since Feb 18, 2026