CVE-2025-49253
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49253 is a high-severity Local File Inclusion (LFI) vulnerability in the WordPress Lasa Theme up to version 1.1. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, unauthorized access to local files, and potentially complete takeover of the website's database. Since it requires no authentication to exploit, it is highly dangerous and likely to be widely exploited. This can lead to data breaches, website defacement, or further compromise of the server. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to exploit Local File Inclusion (LFI) in the thembay Lasa WordPress theme. Since the vulnerability allows unauthenticated attackers to include local files, network or web server logs should be inspected for suspicious requests attempting to include files via URL parameters. Specific commands are not provided in the resources, but general approaches include searching web server logs for patterns like 'include', 'require', or attempts to access sensitive files (e.g., /etc/passwd). Additionally, using the Patchstack virtual patch can automatically block exploitation attempts. For compromised systems, professional incident response and server-side malware scanning are recommended over plugin-based scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks exploitation attempts automatically, providing immediate protection before official updates are applied. Users should update the Lasa Theme to version 1.1.1 or later to fully resolve the vulnerability. Additionally, monitoring for suspicious activity and preparing for professional incident response and server-side malware scanning in case of compromise are advised. [1]