CVE-2025-69406
Local File Inclusion Vulnerability in FreightCo
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themerex | freightco | to 1.1.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69406 is a Local File Inclusion (LFI) vulnerability in the WordPress FreightCo Theme versions up to and including 1.1.7. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename for include/require statements in PHP.
This vulnerability falls under the OWASP Top 10 category A3: Injection and specifically involves PHP Remote File Inclusion issues that lead to Local File Inclusion.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploiting this vulnerability could expose sensitive files on the target website, such as those containing database credentials.'}, {'type': 'paragraph', 'content': "This exposure can potentially lead to a complete database takeover depending on the site's configuration."}, {'type': 'paragraph', 'content': 'The vulnerability requires no privileges to exploit, making it particularly dangerous and allowing unauthenticated attackers to compromise the site.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filename in PHP include/require statements.'}, {'type': 'paragraph', 'content': 'Detection can involve monitoring web server logs for suspicious requests attempting to include local files, such as requests containing directory traversal patterns or attempts to access sensitive files.'}, {'type': 'paragraph', 'content': 'Common detection commands or methods include searching web server access logs for suspicious URL parameters that may be used to exploit Local File Inclusion (LFI), for example:'}, {'type': 'list_item', 'content': 'grep -iE "(\\.|%2e){2,}/" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'grep -i "include" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'grep -i "require" /var/log/apache2/access.log'}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unusual file access patterns or error messages related to file inclusion in application logs can help detect exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for this vulnerability, immediate mitigation involves applying protective measures to block exploitation attempts.
Patchstack has issued a mitigation rule that blocks exploitation attempts, providing immediate protection until an official fix is released and tested.
It is recommended to implement this mitigation rule or use automated vulnerability mitigation services offered by Patchstack to secure affected websites.
Additionally, restricting access to sensitive files and hardening PHP configurations to prevent inclusion of unintended files can reduce risk.
Monitoring and blocking suspicious requests at the web application firewall (WAF) or server level can also help prevent exploitation.