CVE-2025-32430: 
Java vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability has been identified in ActiveCampaign plugin versions through 8.1.14. The vulnerability was discovered and disclosed in April 2024, affecting WordPress installations using the ActiveCampaign plugin. This security issue has been assigned CVE-2024-32430 and has received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST, while Patchstack assessed it with a score of 4.4 (MEDIUM) (Patchstack Advisory).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue, identified as CWE-918. According to the NIST assessment, the vulnerability has critical severity with a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. Patchstack's assessment differs with a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N, suggesting higher attack complexity and privilege requirements (NIST NVD).

If successfully exploited, this SSRF vulnerability could allow attackers to perform unauthorized server-side requests, potentially leading to data exposure, server manipulation, and access to internal resources. The critical CVSS score from NIST indicates potential for complete compromise of system confidentiality, integrity, and availability (NIST NVD).

Users are advised to upgrade their ActiveCampaign plugin to version 8.1.15 or later, which contains the security fix for this vulnerability. The affected versions include all releases through version 8.1.14 (NIST NVD).