CVE-2025-29002

| EUVD-2025-18516 HIGH
2025-06-17 [email protected]
8.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18516
CVE Published
Jun 17, 2025 - 15:15 nvd
HIGH 8.1

Tags

PHP Lfi RCE

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen allows PHP Local File Inclusion. This issue affects Simen: from n/a through 4.6.

Analysis

PHP Local File Inclusion (LFI) vulnerability in snstheme Simen versions through 4.6 that allows unauthenticated remote attackers to include and execute arbitrary local files via improper control of filename parameters in PHP include/require statements. With a CVSS score of 8.1 and network-based attack vector, this vulnerability enables confidentiality, integrity, and availability compromise; however, the high attack complexity suggests exploitation requires specific conditions or knowledge of the target environment.

Technical Context

This vulnerability stems from CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program), a critical weakness in PHP applications where user-supplied input is passed unsanitized to include(), require(), include_once(), or require_once() functions. The snstheme Simen WordPress theme (CPE identifier likely wp:snstheme:simen) fails to properly validate or sanitize filename parameters before inclusion, allowing attackers to reference arbitrary files accessible to the PHP process (e.g., /etc/passwd, wp-config.php, log files, or uploaded malicious files). The distinction between RFI (Remote File Inclusion) and LFI (Local File Inclusion) in the description suggests the vulnerability primarily affects local file access, though depending on PHP configuration (allow_url_include), remote exploitation may be possible.

Affected Products

snstheme Simen (WordPress theme) versions from initial release through version 4.6 inclusive. Affected installations typically include: WordPress sites with Simen theme active, particularly older installations not receiving updates. CPE: wp:snstheme:simen (versions 0-4.6). Vendor: snstheme. No specific vendor advisory link provided in the vulnerability description; security teams should consult WordPress plugin/theme repositories and snstheme official channels for patch availability and version information.

Remediation

Immediate actions: (1) Update snstheme Simen to version 4.7 or later once released (patch version not explicitly provided, so monitor snstheme official releases and WordPress theme repository); (2) If patch unavailable, implement Web Application Firewall (WAF) rules to detect LFI patterns (e.g., directory traversal sequences like '../', 'etc/passwd', PHP wrappers); (3) Disable PHP's allow_url_include directive in php.ini to prevent RFI via wrapper protocols; (4) Restrict PHP execution permissions on user-uploadable directories; (5) Audit logs for suspicious include/require patterns and local file access attempts. Temporary mitigation: Disable or replace the Simen theme with a patched alternative until updates are available.

Priority Score

41
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +40
POC: 0

Share

CVE-2025-29002 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy