CVE-2025-24760
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) flaw in the WordPress Sofass theme up to version 1.3.4. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover. [1]
How can this vulnerability impact me? :
The vulnerability can have severe impacts including exposure of sensitive information like database credentials, which may lead to a complete database takeover. It poses a high risk with a CVSS score of 8.1 and is likely to be exploited by automated attacks. This can compromise the security and integrity of your website and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can involve monitoring for unusual HTTP requests attempting to include local files via the Sofass theme. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to look for suspicious URL patterns that try to exploit file inclusion. Additionally, server logs should be inspected for requests containing file path traversal strings or attempts to include sensitive files. While no specific commands are provided, general commands to check web server logs include: 'grep -i "include" /var/log/apache2/access.log' or 'grep -E "(\.|%2e){2,}" /var/log/apache2/access.log' to find potential LFI attempts. Also, running server-side malware scans and professional incident response is recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which blocks attack attempts targeting this vulnerability until an official fix is released. It is important to implement this virtual patch promptly to prevent exploitation. Additionally, professional incident response and server-side malware scanning should be conducted if there is suspicion of compromise. Relying solely on plugin-based malware scanners is discouraged as they can be tampered with. Monitoring and hardening the server configuration to limit file inclusion risks is also advisable. [1]