PHP CVE-2025-49313

EUVD-2025-17256 | Severity: HIGH
PHP Remote File Inclusion (CWE-98)
Published: 2025-06-06
CVSS 3.1 base score: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis generated: Mar 14, 2026 - 18:10 (vuln.today)
EUVD ID assigned: Mar 14, 2026 - 18:10 (euvd), EUVD-2025-17256
CVE published: Jun 06, 2025 - 13:15 (nvd), rated HIGH 7.5

Description (NVD)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.8.6.

Analysis (AI-generated)

PHP Local File Inclusion (LFI) vulnerability in ovatheme BRW versions up to 1.8.6, stemming from improper control of filename parameters in include/require statements. An authenticated attacker with low privileges can exploit this to read arbitrary files from the server filesystem, potentially gaining access to sensitive configuration files, source code, or credentials. The vulnerability requires network access and an authenticated account (CWE-98: improper control of the filename passed to include/require), with a CVSS score of 7.5 indicating high confidentiality and integrity impact.

Technical Context (AI-generated)

This vulnerability is an instance of CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program), a classic PHP security flaw where user-supplied input is passed directly to include(), require(), include_once(), or require_once() without proper sanitization or validation. The ovatheme BRW plugin likely accepts file path parameters (potentially via GET/POST requests) and uses them in include/require statements, allowing attackers to traverse directories using path traversal sequences (../) or access arbitrary local files. The affected product is identified as ovatheme BRW, a WordPress theme/plugin component, with the vulnerability affecting versions from the initial release through 1.8.6. The root cause is insufficient input validation on user-controlled filename/path parameters before they are passed to PHP's file inclusion functions.

Remediation (AI-generated)

Upgrade ovatheme BRW to version 1.8.7 or later (if available). Details: contact ovatheme for security updates or check the WordPress.org plugin repository for patched versions beyond 1.8.6.

Workaround: Restrict access to BRW functionality. Details: limit plugin access to trusted administrators only; use WordPress user role management to minimize the number of authenticated users who can trigger the vulnerability.

Workaround: Implement Web Application Firewall (WAF) rules. Details: deploy WAF rules to detect and block path traversal patterns (../, ..\, etc.) in HTTP requests targeting BRW parameters.

Mitigation: Server-level hardening. Details: set PHP's open_basedir directive to restrict the file access scope; disable dangerous PHP functions like include/require on untrusted input via suhosin or similar patches.

Detection: Monitor for exploitation attempts. Details: search application and web server logs for suspicious include/require parameter patterns, path traversal sequences in BRW-related requests, and unusual file access patterns.
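The CWE-98 pattern described in the Technical Context, beside a hardened form that implements the allowlisting and path-scope checks the Remediation section calls for. This is an added example written for this page, not code from the BRW plugin; the `template` parameter, the `templates/` directory and the template names are hypothetical.

```php
<?php
// Added example (not BRW plugin code). Parameter name "template" and the
// templates/ directory are hypothetical stand-ins for whatever the plugin uses.

// VULNERABLE (CWE-98): user input reaches include() unchanged, so "../"
// sequences walk out of templates/ and any readable file can be included.
function render_vulnerable(string $requested): void
{
    include __DIR__ . '/templates/' . $requested;
}

// HARDENED: map a short, fixed set of keys to files; anything else is
// rejected before the filesystem is touched.
const TEMPLATE_MAP = [
    'list'   => 'list.php',
    'detail' => 'detail.php',
];

function resolve_template(string $requested): ?string
{
    if (!array_key_exists($requested, TEMPLATE_MAP)) {
        return null; // unknown key: no include, no path arithmetic
    }
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . TEMPLATE_MAP[$requested]);
    // Defence in depth: even a mapped entry must resolve inside the base
    // directory (catches a symlink or a mis-edited map). realpath() also
    // collapses any ".." so the comparison is on the canonical path.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function render_hardened(string $requested): void
{
    $path = resolve_template($requested);
    if ($path === null) {
        http_response_code(400);
        // Rejected values are the signal the Detection item asks you to watch for.
        error_log('template include rejected: ' . $requested);
        return;
    }
    include $path;
}

render_hardened($_GET['template'] ?? 'list');
```

Pair the allowlist with open_basedir in php.ini so that an include outside the web root fails even if some other code path is missed.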


CVE-2025-49313 vulnerability details – vuln.today
