How to fix EUVD-2025-17551?

Within 24 hours: inventory all WordPress installations using Grill or Chow themes versions 1.6 and below; isolate affected sites from production if business-critical. Within 7 days: implement WAF rules blocking suspicious path traversal patterns, apply input validation, and disable theme functionality if not essential. Within 30 days: migrate to alternative themes or contact vendor for patch availability; conduct file access audit on affected servers to detect potential compromise.

Is PHP affected by EUVD-2025-17551?

A high-severity path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes allows attackers to read arbitrary files from affected servers through PHP Local File Inclusion.

EUVD-2025-17551

| CVE-2025-49297 CRITICAL

2025-06-09 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17551

CVE Published

Jun 09, 2025 - 16:15 nvd

CRITICAL 9.8

Description

Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through 1.6.

Analysis

Path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes (versions through 1.6) that enables PHP Local File Inclusion (LFI) attacks. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files on the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The high CVSS score of 8.1 reflects significant impact on confidentiality and integrity, though exploitation requires higher attack complexity.

Technical Context

This vulnerability exploits improper input validation in file path handling within the Grill and Chow theme codebase. The root cause is classified under CWE-35 (Path Traversal), which occurs when user-controlled input is used to construct file paths without adequate sanitization or validation. Attackers can inject path traversal sequences (e.g., '../../../') to navigate outside intended directories and include arbitrary files via PHP inclusion functions (include(), require(), file_get_contents(), etc.). The vulnerability affects WordPress theme components that handle file operations, likely in template loading, asset inclusion, or custom functionality handlers. CPE identification points to Mikado-Themes products, specifically the Grill and Chow theme distribution across WordPress installations running affected versions.

Affected Products

Grill (1.6 and earlier); Chow (1.6 and earlier)

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: 0

EUVD-2025-17551 vulnerability details – vuln.today

Back

EUVD-2025-17551

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

EUVD-2025-17551

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code