{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15546","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2026-01-26T14:42:55.951Z","datePublished":"2026-06-14T06:00:03.776Z","dateUpdated":"2026-07-06T14:38:27.946Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2026-06-14T06:00:03.776Z"},"title":"Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition","problemTypes":[{"descriptions":[{"description":"CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Iptanus File Upload","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"5.1.7"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to \"maintain both.\" Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users."}],"references":[{"url":"https://wpscan.com/vulnerability/06e33418-1644-49a1-b012-122046604109/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Luca Jungnickel","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-362","lang":"en","description":"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.4,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"HIGH","availabilityImpact":"LOW","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-06-15T13:10:47.220205Z","id":"CVE-2025-15546","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-06T14:38:27.946Z"}}]}}