CVE-2025-32227 MEDIUM

CVE-2025-32227: WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability

Vendor Asgaros
Product Asgaros Forum
Weakness CWE-290
Published April 10, 2025
Last update April 29, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through <= 3.0.0.

Explanation of Vulnerability in Simple Terms

02 Summary

Asgaros Forum versions up to 3.0.0 contain an authentication bypass or privilege escalation vulnerability that allows low-privileged users to modify data they should not have access to. The vulnerability requires an attacker to be logged in and does not require user interaction from victims. Integrity of forum data can be compromised.

What an attacker can do

03 Attacker Capabilities

A logged-in user can modify forum data or settings they should not have permission to change.

Potential impact on your site

04 Site Impact

Forum data integrity may be compromised; users with low privileges could alter posts, settings, or other content.

Conditions required to exploit

05 Prerequisites

Attacker must have a valid user account on the forum (low privilege level).

Key dates

06 Disclosure timeline

April 10, 2025 CVE published
April 29, 2026 Record updated