CVE-2025-25155
WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer music-sheet-viewer allows Path Traversal.This issue affects Music Sheet Viewer: from n/a through <= 4.1.
| CWE | CWE-22 |
| Vendor | efreja |
| Product | music sheet viewer |
| Published | Feb 7, 2025 |
| Last Updated | Apr 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for efreja music sheet viewer
Be the first to know when new high vulnerabilities affecting efreja music sheet viewer are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
efreja / Music Sheet Viewer
0 โค 4.1
References
Credits
Abdi Pranata | Patchstack Bug Bounty Program