CVE-2025-48125
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48125 is a high-severity Local File Inclusion (LFI) vulnerability in the WP Event Manager plugin for WordPress, affecting versions up to and including 3.1.49. An unauthenticated attacker can make the plugin include, and thereby display or execute, arbitrary files that already exist on the server, which exposes sensitive files such as wp-config.php and the database credentials it holds. The root cause is CWE-98: a filename derived from request input is passed to a PHP include/require statement without adequate restriction. Although the CWE is titled "PHP Remote File Inclusion", the impact described here is inclusion of local files, not of remote URLs. [1]
How can this vulnerability impact me? :
The impact is severe: exposure of sensitive files such as the one holding the database credentials can lead to a complete database takeover, and because no authentication is required, an attacker can read local files on the server and potentially compromise the whole site and its data. At the time of the cited advisory no official patch was available, so affected sites remained at high risk of mass exploitation by automated attacks. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards such as GDPR and HIPAA because it risks unauthorized access to sensitive personal and protected health information stored on the affected website. Exposure or compromise of such data due to this vulnerability could lead to violations of data protection regulations, resulting in legal and financial consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection means looking for exploitation attempts against the plugin rather than for the flaw itself. An unauthenticated LFI shows up in web server logs as requests whose parameters carry file paths, directory-traversal sequences (../ or URL-encoded forms such as %2e%2e%2f), names of sensitive files, or PHP stream wrappers (php://filter and similar). Grep for those payload markers rather than for the words "include" or "require", which match legitimate paths such as /wp-includes/ and only produce noise. Example for Apache logs: `grep -iE '(\.\./|%2e%2e|/etc/passwd|wp-config\.php|php://)' /var/log/apache2/access.log`. URL-decode the request line before matching, or also search for the encoded variants, because scanners routinely encode their payloads. Patchstack's virtual patch blocks exploitation attempts and logs them, which gives a second detection source. If compromise is suspected, run a server-side malware scan; plugin-based scanners execute inside the possibly compromised WordPress instance and may be unreliable. [1]
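The log scan described above, done with URL-decoding before matching and a small set of LFI indicators, as an added example in Python. This is not code from BaseFortify, Patchstack or the WP Event Manager project. Assumptions: the log is in Apache/Nginx "combined" format; the plugin's web path is /wp-content/plugins/wp-event-manager/ (its wordpress.org slug); the sample log lines, the `some.php` endpoint and the `template` parameter name are constructed for the demonstration and are not taken from the CVE.

```python
"""Scan web-server access logs for Local File Inclusion (LFI) attempts.

Added illustration, not BaseFortify's, Patchstack's or the plugin's code.
Every query parameter of every request is inspected after URL-decoding, so
no knowledge of the actual vulnerable parameter name is needed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (combined format). IPs are documentation
# ranges; "some.php" and the "template" parameter are made up for the demo.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jun/2025:10:01:02 +0000] "GET /wp-content/plugins/wp-event-manager/some.php?template=../../../../wp-config.php HTTP/1.1" 200 1843 "-" "curl/8.5"
203.0.113.5 - - [09/Jun/2025:10:01:03 +0000] "GET /wp-content/plugins/wp-event-manager/some.php?template=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1204 "-" "curl/8.5"
198.51.100.7 - - [09/Jun/2025:10:02:15 +0000] "GET /wp-content/plugins/wp-event-manager/assets/js/frontend.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jun/2025:10:02:16 +0000] "GET /events/?event_id=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:10:03:00 +0000] "GET /wp-content/plugins/wp-event-manager/some.php?template=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 3000 "-" "python-requests/2.31"
"""

# Apache/Nginx "combined" log line: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators are matched against the URL-decoded value, so %2e%2e%2f and
# double-encoded %252e%252e%252f payloads are caught as well as plain ../
INDICATORS = [
    ("traversal",      re.compile(r'(^|[\\/])\.\.([\\/]|$)')),
    ("sensitive_file", re.compile(r'etc[\\/]passwd|proc[\\/]self[\\/]|wp-config\.php', re.I)),
    ("stream_wrapper", re.compile(r'^(php|data|file|expect|zip|phar|glob)://', re.I)),
    ("null_byte",      re.compile(r'\x00')),   # %00 truncation trick on old PHP
]


def decode_twice(value: str) -> str:
    """Undo double URL encoding (%252e -> %2e -> '.'); harmless on plain text."""
    return unquote(unquote(value))


def lfi_indicators(value: str) -> list[str]:
    """Names of the indicators that fire on one parameter value (or path)."""
    decoded = decode_twice(value)
    return [name for name, rx in INDICATORS if rx.search(decoded)]


def scan_log(text: str) -> list[dict]:
    """One record per request parameter (or path) that carries an LFI payload."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        # The path is checked too: traversal may sit in the path, not only in ?param=
        candidates = [("<path>", parts.path)] + parse_qsl(parts.query, keep_blank_values=True)
        for param, value in candidates:
            found = lfi_indicators(value)
            if found:
                hits.append({
                    "ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                    "path": parts.path, "param": param,
                    "value": decode_twice(value), "indicators": found,
                })
    return hits


def summarize_by_ip(hits: list[dict]) -> dict[str, int]:
    """Attempt count per source IP: the first thing to block or pivot on."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]} {h["status"]} {h["path"]} {h["param"]}={h["value"]!r} -> {h["indicators"]}')
    print(summarize_by_ip(found))
```

A 200 status on a request that carries a payload is the record to chase first: with a WAF or virtual patch in front of the site, blocked attempts usually show a 403 instead. Point the scanner at a real file (for example `scan_log(open("/var/log/apache2/access.log").read())`) and extend INDICATORS with whatever parameter the vendor's advisory eventually names; the decoding step is what keeps the naive `grep "include|require"` noise out.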
What immediate steps should I take to mitigate this vulnerability?
Apply Patchstack's high-priority virtual patch (vPatch), which blocks exploitation attempts until an official fix ships; with no official patch available at the time of the advisory, this is the fastest way to protect affected sites. Watch for signs of compromise and, if any are found, bring in professional incident response and run a server-side malware scan rather than relying on a plugin-based scanner. Also restrict direct web access to the plugin's files where the site functions without it, and keep the web server configuration tight so that the exposed surface is minimal. Once the vendor publishes a fixed release, update the plugin. [1]