CVE-2025-67988
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion in LoftOcean CozyStay PHP

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67988
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
loftocean cozystay to 1.9.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to exposure of sensitive information like database credentials.'}, {'type': 'paragraph', 'content': "If attackers obtain these credentials, they could potentially take over the entire database depending on the website's configuration."}, {'type': 'paragraph', 'content': 'This represents a severe security risk with a CVSS score of 8.1, indicating high priority for remediation.'}] [1]

Compliance Impact

I don't know

Executive Summary

CVE-2025-67988 is a Local File Inclusion (LFI) vulnerability in the WordPress CozyStay Theme versions prior to 1.9.1.

This vulnerability allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements.

As a result, attackers can potentially access sensitive information stored in local files, such as database credentials.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability allows unauthenticated attackers to include and display local files from the target website, which can be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) patterns.'}, {'type': 'paragraph', 'content': 'Detection can involve inspecting web server logs for requests containing suspicious parameters that include file paths or traversal sequences (e.g., ../) targeting the CozyStay theme.'}, {'type': 'paragraph', 'content': 'While specific commands are not provided, common approaches include using tools like grep to search web server logs for suspicious patterns, for example:'}, {'type': 'list_item', 'content': "grep -i 'include' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep -E '\\.\\./|%2e%2e%2f' /var/log/apache2/access.log"}, {'type': 'paragraph', 'content': 'Additionally, using web vulnerability scanners that detect LFI vulnerabilities can help identify exploitation attempts.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The most immediate and effective mitigation is to update the CozyStay WordPress theme to version 1.9.1 or later, where the vulnerability has been patched.'}, {'type': 'paragraph', 'content': "Until the update can be applied, users should implement Patchstack's mitigation rules designed to block attacks targeting this vulnerability."}, {'type': 'paragraph', 'content': 'It is also recommended to monitor and block suspicious requests that attempt to exploit Local File Inclusion vulnerabilities.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67988. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart