{"id":64370,"date":"2025-08-28T08:45:10","date_gmt":"2025-08-28T08:45:10","guid":{"rendered":""},"modified":"2025-09-29T02:50:58","modified_gmt":"2025-09-29T08:50:58","slug":"cve-2025-8145-php-object-injection-vulnerability-in-redirection-for-contact-form-7-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-8145-php-object-injection-vulnerability-in-redirection-for-contact-form-7-wordpress-plugin\/","title":{"rendered":"<strong>CVE-2025-8145: PHP Object Injection Vulnerability in Redirection for Contact Form 7 WordPress Plugin<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The Redirection for Contact Form 7 WordPress plugin is subject to a severe security vulnerability, identified under the code CVE-2025-8145. The weakness lies in its susceptibility to PHP Object Injection in versions up to, and including, 3.2.4. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6187-privilege-escalation-vulnerability-in-bsecure-wordpress-plugin\/\"  data-wpil-monitor-id=\"72963\">vulnerability<\/a> could potentially affect millions of websites running on the WordPress platform that utilize this plugin, posing a significant risk of system compromise and data leakage.<br \/>\nThe importance of this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-53546-high-severity-vulnerability-in-folo-s-github-workflow\/\"  data-wpil-monitor-id=\"73382\">vulnerability is underlined by its CVSS Severity<\/a> Score of 8.8, which indicates a high level of severity. 
It opens the door for unauthenticated attackers to inject a PHP Object and, given the right conditions, even <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50754-stored-cross-site-scripting-xss-vulnerability-leading-to-remote-code-execution-in-unisite-cms-5-0\/\"  data-wpil-monitor-id=\"74652\">execute remote code<\/a>.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-8145<br \/>\nSeverity: High &#8211; 8.8 CVSS Score<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27055-memory-corruption-leads-to-potential-system-compromise-during-image-encoding\/\"  data-wpil-monitor-id=\"74336\">Potential system compromise<\/a> and data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<p>Product | Affected Versions<\/p>\n<p>Redirection for Contact <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6679-critical-arbitrary-file-upload-vulnerability-in-bit-form-builder-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"75348\">Form 7 WordPress Plugin<\/a> | Up to and including 3.2.4<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability occurs in the get_lead_fields function of the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6754-privilege-escalation-vulnerability-in-seo-metrics-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"72719\">Redirection for Contact Form 7 WordPress<\/a> plugin, which is susceptible to PHP Object Injection. This happens due to the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24777-deserialization-of-untrusted-data-vulnerability-in-awethemes-hillter\/\"  data-wpil-monitor-id=\"73002\">deserialization of untrusted<\/a> inputs, allowing an attacker to inject a PHP Object. 
The presence of a POP chain in a Contact Form 7 plugin enables attackers to delete <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52239-arbitrary-file-upload-vulnerability-in-zkeacms-v4-1\/\"  data-wpil-monitor-id=\"74560\">arbitrary files<\/a>. Furthermore, under certain server configurations, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3128-critical-vulnerability-in-mitsubishi-electric-smartrtu-allowing-remote-code-execution\/\"  data-wpil-monitor-id=\"76215\">Remote Code<\/a> Execution is possible.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>The following is a conceptual example of how the vulnerability might be exploited. An <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-9408-server-side-request-forgery-attack-in-eclipse-glassfish\/\"  data-wpil-monitor-id=\"77283\">attacker could send an HTTP POST request<\/a> with a malicious payload to the vulnerable endpoint:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/contact-form-7\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{\n&quot;form_data&quot;: &quot;O:4:\\&quot;Lead\\&quot;:2:{s:4:\\&quot;name\\&quot;;s:5:\\&quot;Attacker\\&quot;;s:4:\\&quot;file\\&quot;;s:9:\\&quot;\/etc\/passwd\\&quot;;}&quot;\n}<\/code><\/pre>\n<p>In the example above, the attacker is <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-24779-object-injection-vulnerability-in-nootheme-yogi\/\"  data-wpil-monitor-id=\"76747\">injecting a serialized PHP Object<\/a> in the form data. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50849-critical-insecure-direct-object-reference-idor-vulnerability-in-cs-cart-4-18-3\/\"  data-wpil-monitor-id=\"76556\">object has a property &#8216;file&#8217; that refers<\/a> to the &#8216;\/etc\/passwd&#8217; file. 
This would lead to the deletion of the mentioned file, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30327-integer-overflow-vulnerability-in-incopy-leading-to-potential-arbitrary-code-execution\/\"  data-wpil-monitor-id=\"73730\">leading to potential<\/a> data loss or system instability.<\/p>\n<p><strong>Solutions and Mitigations<\/strong><\/p>\n<p>The vendor has issued a patch for this vulnerability, and it&#8217;s strongly recommended to apply this patch immediately. In case the patch cannot be applied immediately, a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can be used as a temporary mitigation to detect and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8059-critical-privilege-escalation-vulnerability-in-b-blocks-wordpress-plugin\/\"  data-wpil-monitor-id=\"76305\">block attempts to exploit this vulnerability<\/a>. However, these are not long-term solutions, and the patch should be applied as soon as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54742-data-deserialization-vulnerability-in-wpevently-leading-to-possible-system-compromise\/\"  data-wpil-monitor-id=\"86532\">possible to ensure system<\/a> security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The Redirection for Contact Form 7 WordPress plugin is subject to a severe security vulnerability, identified under the code CVE-2025-8145. The weakness lies in its susceptibility to PHP Object Injection in versions up to, and including, 3.2.4. 
This vulnerability could potentially affect millions of websites running on the WordPress platform that utilize this plugin, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-64370","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/64370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=64370"}],"version-history":[{"count":15,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/64370\/revisions"}],"predecessor-version":[{"id":79316,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/64370\/revisions\/79316"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=64370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=64370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=64370"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=64370"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=64370"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\
/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=64370"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=64370"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=64370"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=64370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}