CVE-2025-9217: 
WordPress vulnerability analysis and mitigation

The Slider Revolution plugin for WordPress contains a Path Traversal vulnerability (CVE-2025-9217) discovered on August 29, 2025. This vulnerability affects all versions up to and including 6.7.36. The vulnerability exists in the handling of 'usedsvg' and 'usedimages' parameters, potentially exposing sensitive server files (NVD CVE).

The vulnerability is classified as a Path Traversal issue (CWE-22) that allows authenticated users with Contributor-level access or higher to read arbitrary files on the server through manipulation of the 'usedsvg' and 'usedimages' parameters. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and high confidentiality impact (NVD CVE).

The vulnerability allows authenticated attackers to read the contents of arbitrary files on the server. This access could expose sensitive information stored in server files, potentially leading to further system compromise or unauthorized access to confidential data (NVD CVE).

The vulnerability has been patched in version 6.7.37, released on August 28, 2025. Users are advised to update to this version immediately. The update includes security hardening measures specifically addressing the SVG & image path traversal in exported ZIP files (Slider Revolution).