Auth bypass in Astrasecuritysuite Astra Security Suite – Firewall & Malware Scan
CVE-2025-11521
The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and includin…
EPSS: 0.004 (34.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-11521?
- CVE-2025-11521 is a high-severity vulnerability in Astrasecuritysuite Astra Security Suite – Firewall & Malware Scan, classified under Improper Authorization. CVSS score: 8.1/10. Published 2025-11-11.
- How severe is CVE-2025-11521?
- High severity. CVSS v3 base score is 8.1 out of 10.