CVE-2025-6389

ENISA EUVD: EUVD-2025-199531 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 1 article
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24
0.9%
probability
This CVE has a 0.9% probability of being exploited in the next 30 days.
0% Top 75.9th percentile of all CVEs 100%

CVSS v3.1

Source: NVD
9.8
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Attack Intelligence

Exploits & PoC

itsismarcos/SneeitScanner-CVE-2025-6389

SneeitScanner - PoC & Scanner para RCE não autenticada no Sneeit Framework (CVE-2025-6389)

1
shac1x/Blackash-CVE-2025-6389

CVE-2025-6389

0
Nxploited/CVE-2025-6389

Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback

0
3 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
78%
EPSS 0.9%
CVSS v3.1 9.8
Mentions 1
Last Seen Dec 08, 2025

CNA Information

Analyst Note

CVE-2025-6389 is a 2025 WordPress plugin RCE with CVSS 9.8. TheHackerNews explicitly reports active wild exploitation via Wordfence data. However, the single article excerpt does not clearly establish whether exploitation preceded patch availability—the patch to version 8.3+ appears concurrent with disclosure, which is consistent with coordinated zero-day response. Confirmation relies on the explicit "actively exploited in the wild" statement from a credible security source (Wordfence/Wordfence blog data cited).

Threat Actors 2

Hacking Team
apt_group 🇮🇹 IT
Mana Team
apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026