CVE-2025-9196

MEDIUM NUCLEI

Trinity Audio - Text to Speech AI <5.21.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-9196. PoCs published by halilkirazkaya, MooseLoveti. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. The PoCs are well-structured and include specific HTTP requests to demonstrate the vulnerabilities.

Description

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.

Exploits (2)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2025/CVE-2025-9196.md

View Code ZIP pw:eip

This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. The PoCs are well-structured and include specific HTTP requests to demonstrate the vulnerabilities.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Various (WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, Wipro Holmes Orchestrator)

No auth needed

Prerequisites: Network access to the target system · Specific software versions as listed in the CVEs

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WRITEUP

by MooseLoveti · poc

https://github.com/MooseLoveti/Trinity-Audio-CVE-Report

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-9196, an unauthenticated information exposure vulnerability in Trinity Audio WordPress plugin. The vulnerability allows unauthenticated users to access phpinfo() output, exposing sensitive server information.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Trinity Audio WordPress plugin <= 5.20.1

No auth needed

Prerequisites: Access to the target WordPress site

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Trinity Audio <= 5.21.0 - Information Exposure

MEDIUMVERIFIEDby Kazgangap

FOFA: body="/wp-content/plugins/trinity-audio"

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3373045%40trinity-audio&new=3373045%40trinity-audio&sfp_email=&sfph_mail=

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/64889659-24d6-40d9-97ba-b448f5205a96?source=cve

Scores

CVSS v3 5.3

EPSS 0.0047

EPSS Percentile 65.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

sergiotrinity/Trinity Audio – Text to Speech AI audio player to convert content into audio < 5.21.0

Published Oct 11, 2025

Tracked Since Feb 18, 2026