CVE-2025-58897
PHP Local File Inclusion in Fermentio
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axiomthemes | fermentio | From 1.0.0 (inc) to 1.5.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58897 is a Local File Inclusion (LFI) vulnerability found in the WordPress Fermentio Theme, versions 1.5.0 and below. It arises from improper control of filenames used in include or require statements in PHP, allowing unauthenticated attackers to include local files on the target website.
This flaw enables attackers to potentially access sensitive files on the server, such as configuration files or database credentials, by tricking the application into including unintended files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The Local File Inclusion (LFI) vulnerability in the WordPress Fermentio Theme allows unauthenticated attackers to access sensitive data such as database credentials and potentially take over the database. This exposure of sensitive information can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and health-related data from unauthorized access.
Failure to address this vulnerability could result in non-compliance with these standards due to the risk of data breaches and unauthorized data disclosure.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to severe impacts including exposure of sensitive data like database credentials.
Depending on the server configuration, attackers may achieve a full database takeover, compromising the integrity, confidentiality, and availability of the affected system.
The vulnerability has a high CVSS score of 8.1, indicating a high risk and likelihood of exploitation, especially in mass-exploit campaigns.
What immediate steps should I take to mitigate this vulnerability?
The WordPress Fermentio Theme versions 1.5.0 and below are affected by a high-priority Local File Inclusion vulnerability with no official patch available yet.
Immediate mitigation steps include applying the temporary mitigation rule provided by Patchstack to block attacks until an official fix is released.
It is also recommended to update the theme when a patch becomes available or seek assistance from your hosting provider or a developer to secure your system.