CVE-2025-49416
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability involves monitoring for attempts to include local files via the FW Gallery plugin. Since the vulnerability allows unauthenticated attackers to include and display local files, network or web server logs should be inspected for suspicious requests containing file inclusion patterns, such as URL parameters referencing local files (e.g., ../../etc/passwd). Additionally, professional incident response and server-side malware scanning are recommended to detect possible compromises. Specific commands are not provided, but reviewing web server access logs with tools like grep for suspicious patterns and using server-side malware scanners is advised. [1]
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress FW Gallery plugin up to version 8.0.0. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to access and display sensitive local files on your website, exposing critical information like database credentials. Depending on your website's configuration, this could result in a full database takeover. It poses a high risk with a CVSS score of 8.1 and is expected to be widely exploited, potentially leading to severe data breaches and system compromise. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which blocks attack attempts targeting this vulnerability until an official fix is released. It is safe to apply and test this virtual patch to protect affected sites immediately. Additionally, professional incident response and server-side malware scanning should be conducted if compromise is suspected. Relying solely on plugin-based malware scanners is discouraged as they can be tampered with. Since no official patch is currently available, virtual patching is the recommended immediate action. [1]