CVE-2025-60071

HIGH
2025-12-18 [email protected]
8.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 01, 2026 - 15:22 vuln.today
CVE Published
Dec 18, 2025 - 08:16 nvd
HIGH 8.1

Tags

WordPress PHP Lfi

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Riode riode allows PHP Local File Inclusion.This issue affects Riode: from n/a through <= 1.6.23.

Analysis

Local file inclusion in Riode WordPress theme versions up to 1.6.23 allows remote attackers to read arbitrary files on the server through improper PHP file inclusion controls. The vulnerability requires user interaction (UI:R) but no authentication (PR:N), enabling unauthorized access to sensitive configuration files, credentials, or source code. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability; no public exploit identified at time of analysis and not listed in CISA KEV.

Priority Score

41
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +40
POC: 0

Share

CVE-2025-60071 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy