High severity8.6NVD Advisory· Published Aug 20, 2025· Updated Apr 23, 2026
CVE-2025-48158
CVE-2025-48158
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=3.0.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.