CVE-2025-49259
BaseFortify
Publication date: 2025-06-17
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49259 is a high-severity Local File Inclusion (LFI) vulnerability in the WordPress Hara Theme up to version 1.2.10. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename for include/require statements in PHP. This can expose sensitive information such as database credentials and potentially lead to complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to access and display sensitive local files on your website, potentially exposing critical information like database credentials. Exploitation could lead to a complete database takeover, compromising the confidentiality, integrity, and availability of your website and its data. Automated attacks are common against unpatched sites, so immediate mitigation or updating is crucial. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to exploit Local File Inclusion (LFI) in the Hara WordPress theme. Since attackers may try to include local files via crafted HTTP requests, inspecting web server logs for suspicious requests containing file inclusion patterns (e.g., parameters with '../' sequences or references to sensitive files) is recommended. Additionally, professional incident response and server-side malware scanning are advised, as plugin-based scanners may be unreliable. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) to block attacks until the official fixed version is installed. Updating the Hara WordPress theme to version 1.2.11 or later, where the vulnerability is resolved, is strongly recommended. Additionally, professional incident response and server-side malware scanning should be performed if compromise is suspected to ensure system integrity. [1]