CVE-2025-58897
Deferred Deferred - Pending Action
PHP Local File Inclusion in Fermentio

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2025-58897
EUVD
EUVD-2025-210040
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
axiomthemes fermentio From 1.0.0 (inc) to 1.5.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58897 is a Local File Inclusion (LFI) vulnerability found in the WordPress Fermentio Theme, versions 1.5.0 and below. It arises from improper control of filenames used in include or require statements in PHP, allowing unauthenticated attackers to include local files on the target website.

This flaw enables attackers to potentially access sensitive files on the server, such as configuration files or database credentials, by tricking the application into including unintended files.

Impact Analysis

Exploitation of this vulnerability can lead to severe impacts including exposure of sensitive data like database credentials.

Depending on the server configuration, attackers may achieve a full database takeover, compromising the integrity, confidentiality, and availability of the affected system.

The vulnerability has a high CVSS score of 8.1, indicating a high risk and likelihood of exploitation, especially in mass-exploit campaigns.

Mitigation Strategies

The WordPress Fermentio Theme versions 1.5.0 and below are affected by a high-priority Local File Inclusion vulnerability with no official patch available yet.

Immediate mitigation steps include applying the temporary mitigation rule provided by Patchstack to block attacks until an official fix is released.

It is also recommended to update the theme when a patch becomes available or seek assistance from your hosting provider or a developer to secure your system.

Compliance Impact

The Local File Inclusion (LFI) vulnerability in the WordPress Fermentio Theme allows unauthenticated attackers to access sensitive data such as database credentials and potentially take over the database. This exposure of sensitive information can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and health-related data from unauthorized access.

Failure to address this vulnerability could result in non-compliance with these standards due to the risk of data breaches and unauthorized data disclosure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58897. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart