CVE-2025-11632: 
WordPress vulnerability analysis and mitigation

A vulnerability was discovered in libarchive versions up to 3.7.7, identified as CVE-2025-1632. The vulnerability affects the function list in the file bsdunzip.c and involves a null pointer dereference issue. The vulnerability was disclosed on February 24, 2025 (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) and Improper Resource Shutdown or Release (CWE-404) issue. It has received a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required. The CVSS v4.0 score is 4.8 (MEDIUM) with vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (NVD).

The vulnerability affects the availability of the system through a null pointer dereference, which could lead to application crashes. The impact is primarily focused on availability with no direct effect on confidentiality or integrity (NVD).

The vendor was contacted about this disclosure but did not respond. Users are advised to update to versions newer than 3.7.7 when available. No official patches or workarounds have been published at the time of this report (NVD).