CVE-2025-49297
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qodeinteractive | grill_and_chow | to 1.6.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49297 is a Local File Inclusion (LFI) vulnerability in the WordPress Grill and Chow themes up to version 1.6. It allows unauthenticated attackers to include and display local files from the target website. This means attackers can access sensitive files on the server, such as database credentials, by exploiting a path traversal flaw in the theme's code. [1]
How can this vulnerability impact me? :
This vulnerability can lead to the exposure of sensitive information like database credentials, which could result in a complete database takeover depending on the website's configuration. It poses a high risk with a CVSS score of 8.1 and can be exploited by unauthenticated attackers, potentially leading to data breaches, unauthorized access, and further compromise of the website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion (LFI) vulnerability can involve monitoring web server logs for suspicious requests attempting to include local files, such as those containing directory traversal patterns (e.g., ../). Specific commands are not provided in the resources, but typical approaches include searching access logs for suspicious URL parameters or payloads that try to exploit LFI. Additionally, using server-side malware scanning and professional incident response is recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patch by updating the Grill and Chow themes to version 1.6.1 or later, which fixes the vulnerability. Until the update can be applied, Patchstack provides a virtual patch (vPatch) that blocks attacks exploiting this vulnerability. It is also recommended to perform server-side malware scanning and consider professional incident response if there is suspicion of compromise. [1]