CVE-2025-52807
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) flaw in the Kossy - Minimalist eCommerce WordPress Theme up to version 1.45. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to further compromise of the website. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to access and display sensitive local files on your website, including database credentials. Depending on your website's configuration, this could lead to a complete database takeover, resulting in data loss, unauthorized data access, and potential full site compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for attempts to exploit Local File Inclusion (LFI) in the affected WordPress theme. Detection involves looking for unusual HTTP requests that include suspicious parameters attempting to include local files. Specific commands are not provided in the resources, but typical detection methods include analyzing web server logs for requests containing file inclusion patterns or using web application firewalls with rules targeting LFI attempts. Patchstack offers a virtual patch that blocks exploitation attempts, which can also help in detection by logging blocked attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block exploitation attempts until an official fix is released. Users should promptly implement this automated virtual patch to protect their websites. Additionally, it is advised to seek professional incident response if there is any indication that the site has been compromised. Since no official patch is currently available, relying on the virtual patch and monitoring for suspicious activity are critical. [1]