CVE-2025-67981
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion Vulnerability in thembay Besa

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67981
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
thembay besa to 2.3.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67981 is a Local File Inclusion (LFI) vulnerability in the WordPress Besa Theme versions up to and including 2.3.15.

This vulnerability allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filename for include/require statements in PHP.

As a result, sensitive information such as database credentials can be exposed.

Impact Analysis

[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to exposure of sensitive information including database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, an attacker could potentially achieve a complete database takeover."}, {'type': 'paragraph', 'content': 'The vulnerability requires no privileges to exploit, making it easier for attackers to leverage.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability allows an unauthenticated attacker to include and display local files from the target website, which can be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) in the Besa WordPress theme.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can look for unusual URL parameters or requests that try to include local files, such as requests containing patterns like "../../" or attempts to access sensitive files.'}, {'type': 'paragraph', 'content': 'While specific commands are not provided in the resources, common detection methods include using web server logs analysis and network monitoring tools to search for suspicious request patterns.'}, {'type': 'list_item', 'content': 'Use grep or similar tools on web server logs to find requests with suspicious parameters, e.g., `grep -r "..\\/..\\/" /var/log/apache2/access.log`'}, {'type': 'list_item', 'content': "Monitor HTTP requests for attempts to access local files by filtering logs for keywords like 'include', 'require', or file extensions such as '.php', '.txt', '.conf'."}, {'type': 'list_item', 'content': 'Use intrusion detection systems (IDS) or web application firewalls (WAF) with rules targeting LFI patterns, such as those provided by Patchstack.'}] [1]

Mitigation Strategies

The immediate and most effective mitigation step is to update the Besa WordPress theme to version 2.3.16 or later, where this vulnerability has been patched.

Until the update can be applied, it is strongly advised to implement mitigation rules provided by Patchstack to block attacks targeting this vulnerability.

Because the vulnerability requires no privileges to exploit, applying these mitigations promptly is critical to prevent potential local file inclusion attacks and exposure of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67981. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart