Overview
The CVE-2025-48317 identifies a critical path traversal vulnerability in the WooCommerce Payment Gateway for Saferpay, developed by Stefan Keller. This vulnerability presents a significant risk to any e-commerce platform using this payment gateway, potentially leading to system compromise or data leakage. The affected versions are from n/a through 0.4.9.
Vulnerability Summary
CVE ID: CVE-2025-48317
Severity: High (CVSS: 7.5)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage
Affected Products
A new way to communicate
Ameeba Chat is built on encrypted identity, not personal profiles.
Message, call, share files, and coordinate with identities kept separate.
- • Encrypted identity
- • Ameeba Chat authenticates access
- • Aliases and categories
- • End-to-end encrypted chat, calls, and files
- • Secure notes for sensitive information
Private communication, rethought.
Product | Affected Versions
WooCommerce Payment Gateway for Saferpay | n/a through 0.4.9
How the Exploit Works
The exploit works by manipulating file paths in request parameters to traverse to arbitrary directories. An attacker can exploit this vulnerability by sending crafted requests to the server, potentially gaining unauthorized access to sensitive data or compromising the server.
Conceptual Example Code
Below is a conceptual example of how the vulnerability might be exploited. In this example, the attacker attempts to access a sensitive file outside of the intended directory:
GET /payment/gateway?file=../../etc/passwd HTTP/1.1
Host: target.example.comMitigation
The developer has issued a patch to address this vulnerability, and all users are strongly advised to update to the latest version. In cases where immediate patching is not possible, the use of a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can help to mitigate the risk temporarily.