CVE-2025-2101: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in ThemeMove EduMall - Professional LMS Education Center WordPress Theme
The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
AI Analysis
Technical Summary
CVE-2025-2101 is a Local File Inclusion vulnerability classified under CWE-98 (the CWE title says 'PHP Remote File Inclusion', but the weakness covers any improperly controlled include/require filename, local or remote), affecting the EduMall - Professional LMS Education Center WordPress theme developed by ThemeMove. The flaw exists in all versions up to and including 4.2.4 within the 'edumall_lazy_load_template' AJAX action, specifically through the 'template' parameter. This parameter lacks proper validation and sanitization, enabling unauthenticated attackers to manipulate it to include arbitrary PHP files from the server. When exploited, this allows execution of arbitrary PHP code, which can lead to full remote code execution (RCE). The vulnerability is exploitable over the network without authentication or user interaction, but with high attack complexity, likely because an attacker must first upload or locate a suitable PHP file on the server. The CVSS v3.1 base score is 8.1, reflecting high confidentiality, integrity, and availability impacts. Although no known exploits are currently in the wild, the vulnerability poses a significant risk to websites using the EduMall theme, especially those hosting sensitive educational content or personal data. The absence of official patches at the time of disclosure increases the urgency for organizations to implement interim mitigations. This vulnerability can be leveraged to bypass access controls, extract sensitive information, or execute arbitrary code on the server, potentially leading to full system compromise.
Potential Impact
The impact of CVE-2025-2101 is severe for organizations using the EduMall WordPress theme, particularly educational institutions and LMS providers. Successful exploitation can result in remote code execution, allowing attackers to take full control of the affected web server. This can lead to unauthorized access to sensitive student and staff data, modification or deletion of educational content, and disruption of LMS services. The breach of confidentiality, integrity, and availability can damage organizational reputation, lead to regulatory penalties, and cause operational downtime. Since WordPress is widely used globally, and EduMall targets the education sector, the scope of affected systems could be substantial. Attackers could also use compromised servers as pivot points for further network infiltration or to launch attacks on connected systems. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the risk of automated attacks and widespread compromise.
Mitigation Recommendations
To mitigate CVE-2025-2101, organizations should immediately restrict access to the 'edumall_lazy_load_template' AJAX action by implementing IP whitelisting or authentication controls to prevent unauthenticated requests. Input validation must be enforced on the 'template' parameter so that only values from a fixed allowlist of expected template names are accepted, which rules out directory traversal and arbitrary file inclusion. Web application firewalls (WAFs) should be configured to detect and block suspicious requests targeting this parameter. Administrators should monitor server logs for unusual file inclusion attempts or unexpected PHP file executions. Until an official patch is released, consider disabling the vulnerable AJAX action if feasible or replacing the theme with a secure alternative. Regular backups and incident response plans should be in place to recover from potential compromises. Additionally, educating developers and administrators about secure coding practices for file inclusion can prevent similar vulnerabilities in the future.
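The allowlist-based validation recommended above, written out as an added example of a hardened lazy-load AJAX handler; this is not the EduMall theme's own code, and the hook names, nonce action, template directory and template slugs are assumptions.

```php
<?php
// Added illustrative hardening for a lazy-load template AJAX handler.
// NOT the EduMall theme's code: hook registration, nonce action name,
// template directory layout and slug names are all assumptions.

// Allowlist of template slugs the front end may request. Anything else
// (traversal sequences, absolute paths, stream wrappers) is rejected.
const SAFE_LAZY_TEMPLATES = [ 'course-grid', 'course-list', 'instructor-card' ];

// Map a validated slug to a file that must live inside the theme's template dir.
function safe_lazy_template_path( string $slug ): ?string {
    if ( ! in_array( $slug, SAFE_LAZY_TEMPLATES, true ) ) {
        return null;                      // not on the allowlist
    }
    $base = realpath( get_template_directory() . '/template-parts/lazy' );
    $path = realpath( $base . '/' . $slug . '.php' );
    // Defense in depth: realpath() collapses traversal and fails on missing
    // files; the resolved path must still sit under $base.
    if ( false === $base || false === $path
         || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    return $path;
}

function hardened_lazy_load_template(): void {
    // The nonce ties the request to a page this site served; it is not a
    // security boundary against file inclusion, the allowlist is.
    check_ajax_referer( 'edumall_lazy_load', 'nonce' );

    $slug = isset( $_POST['template'] ) ? sanitize_key( wp_unslash( $_POST['template'] ) ) : '';
    $path = safe_lazy_template_path( $slug );
    if ( null === $path ) {
        // Record rejected values for detection; never reflect them unescaped.
        error_log( sprintf( 'lazy_load_template: rejected "%s" from %s',
                            $slug, $_SERVER['REMOTE_ADDR'] ?? '-' ) );
        wp_send_json_error( [ 'message' => 'Invalid template.' ], 400 ); // exits
    }
    ob_start();
    include $path;                        // only an allowlisted, in-tree file reaches here
    wp_send_json_success( [ 'html' => ob_get_clean() ] );
}

// Actions registered on the nopriv hook are reachable by anonymous visitors
// through admin-ajax.php, so the handler itself must do the validation.
add_action( 'wp_ajax_edumall_lazy_load_template', 'hardened_lazy_load_template' );
add_action( 'wp_ajax_nopriv_edumall_lazy_load_template', 'hardened_lazy_load_template' );
```

Because every front-end AJAX action shares the admin-ajax.php endpoint, a WAF rule or access restriction should key on the `action=edumall_lazy_load_template` parameter rather than on the URL path alone.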
Affected Countries
United States, India, United Kingdom, Germany, Canada, Australia, Brazil, France, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-03-07T18:42:57.689Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983dc4522896dcbef790
Added to database: 5/21/2025, 9:09:17 AM
Last enriched: 2/27/2026, 12:43:41 PM
Last updated: 3/26/2026, 8:49:04 AM