CVE-2025-32549
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-32549 is a Local File Inclusion (LFI) vulnerability in the WordPress WPGYM plugin versions up to 65.0. It allows an attacker with subscriber-level privileges to include and display local files from the target website. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. The vulnerability is caused by improper control of filenames used in PHP include/require statements. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, which can lead to a complete database takeover. Attackers can exploit this vulnerability to access local files on the server, potentially compromising the entire website and its data. Since the vulnerability has a high CVSS score of 7.5, it represents a significant security risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific commands provided to detect this vulnerability on your network or system. However, since the vulnerability allows an attacker with subscriber-level privileges to include and display local files, monitoring for unusual file inclusion attempts or suspicious HTTP requests targeting the WPGYM plugin could help. Additionally, using professional incident response services is recommended because plugin-based malware scanners may be unreliable due to tampering. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying Patchstack's virtual patch (vPatch) which blocks exploitation attempts until an official fix is available. This virtual patch can be safely applied and tested to protect affected sites immediately. Users should apply these mitigations promptly and seek professional incident response services if their sites have already been compromised. [1]