CVE-2025-24761: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in snstheme DSK
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP Local File Inclusion. This issue affects DSK: from n/a through 2.2.
AI Analysis
Technical Summary
CVE-2025-24761 is a high-severity vulnerability classified under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program). It affects the DSK product from the vendor snstheme in all versions up to and including 2.2. Although CWE-98 carries the label 'PHP Remote File Inclusion', the advisory describes the exploitable effect as PHP Local File Inclusion (LFI): an attacker controls the filename handed to a PHP include or require statement and makes the application load a file from the local filesystem that it never intended to include.

The root cause is insufficient validation or sanitization of user-supplied input before it reaches include/require. An attacker can traverse directories or name an arbitrary local file. That alone discloses configuration files, credentials and other sensitive data stored on the server; where the attacker can also place PHP code in any file the web server can read (uploads, logs, session or temporary files), the inclusion turns into arbitrary code execution and full compromise of the web application.

The CVSS v3.1 base score is 8.1. The flaw is exploitable over the network without authentication or user interaction and has high impact on confidentiality, integrity and availability; the attack complexity is rated high, meaning specific conditions or knowledge of the target environment may be needed for a successful exploit. The vulnerability was published on June 17, 2025. No exploitation in the wild is known, and no patch links are listed, which suggests a fix may not yet be publicly available. Since DSK is a PHP-based theme component, it is deployed in public-facing websites and content management systems, where an LFI of this kind is a critical risk.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those running websites or web applications that incorporate the snstheme DSK product. Successful exploitation can lead to full compromise of the web server: attackers can execute arbitrary code, steal customer or business data, deface websites, or use the compromised server as a foothold for further intrusion into the network. A resulting data breach can violate the GDPR and bring heavy fines and reputational damage, and the availability of affected systems can be disrupted, affecting business continuity and customer trust. Organizations in e-commerce, finance, healthcare and government are particularly exposed because of the sensitivity of their data and their regulatory obligations.

Because the vulnerability requires neither authentication nor user interaction, attackers can scan for and exploit vulnerable systems at scale. The high attack complexity may limit opportunistic attacks but does not rule out targeted campaigns by skilled threat actors. The absence of known exploits in the wild currently offers a window for proactive mitigation before active exploitation begins.
Mitigation Recommendations
1. Immediate code review and input validation: audit all PHP include and require statements in the DSK product and in any custom code to ensure that user input is never used in file inclusion functions without strict validation.
2. Implement allowlists: restrict included files to a predefined set of safe files or directories, preventing arbitrary file inclusion.
3. Apply least privilege: run web server processes with minimal permissions to limit the impact of a file inclusion exploit.
4. Monitor and log file inclusion attempts: deploy web application firewall (WAF) rules targeting LFI patterns, and enable detailed logging to detect suspicious activity.
5. Isolate vulnerable components: if patching is not immediately possible, consider isolating or disabling the DSK component until a fix is available.
6. Keep PHP and web server software up to date: ensure the underlying platform is patched against known vulnerabilities that could be chained with this LFI.
7. Engage with the vendor: monitor snstheme communications for official patches or updates addressing this vulnerability and apply them promptly.
8. Conduct penetration testing: validate the effectiveness of mitigations and identify any residual risks related to file inclusion or other vulnerabilities.
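As an added example for the monitoring recommendation above (not part of the original advisory), the following PHP CLI script scans web server access-log lines for the request patterns an LFI attempt against an include parameter typically carries: directory traversal, null bytes, PHP stream wrappers and well-known sensitive file names. The log lines are constructed for the demo, and the `template` parameter name is an assumption, not the parameter DSK actually uses.

```php
<?php
// Added example, not part of the original advisory. Flags access-log lines
// that carry common local-file-inclusion payloads. The sample log below is
// constructed for the demo; the "template" parameter is an assumption.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [17/Jun/2025:15:20:01 +0000] "GET /?template=home HTTP/1.1" 200 5120
203.0.113.9 - - [17/Jun/2025:15:20:07 +0000] "GET /?template=../../../../etc/passwd HTTP/1.1" 200 1893
203.0.113.9 - - [17/Jun/2025:15:20:09 +0000] "GET /?template=..%2F..%2F..%2Fwp-config.php%00 HTTP/1.1" 500 0
203.0.113.9 - - [17/Jun/2025:15:20:12 +0000] "GET /?template=php://filter/convert.base64-encode/resource=index HTTP/1.1" 200 9041
198.51.100.2 - - [17/Jun/2025:15:21:00 +0000] "GET /?template=archive HTTP/1.1" 200 4811
LOG;

/**
 * Return the names of the LFI indicators found in one log line, after
 * URL-decoding the request target (attackers routinely send "..%2F" or
 * "%2e%2e/" instead of a literal "../").
 */
function lfi_indicators(string $line): array
{
    if (!preg_match('/"(?:GET|POST|HEAD) ([^ ]+) HTTP/', $line, $m)) {
        return [];                       // not a request line we understand
    }
    // Decode twice to also catch double-encoded payloads (%252e%252e%252f).
    $target = rawurldecode(rawurldecode($m[1]));

    $checks = [
        'traversal'   => '#(?:^|[/\\\\])\.\.(?:[/\\\\]|$)#',   // ../ or ..\
        'null-byte'   => '/\x00/',                              // %00 truncation
        'php-wrapper' => '#\b(?:php|data|phar|expect|zip)://#i', // stream wrappers
        'sensitive'   => '#/etc/(?:passwd|shadow)|wp-config\.php|\.env\b#i',
    ];

    $hits = [];
    foreach ($checks as $name => $re) {
        if (preg_match($re, $target) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Scan a whole log and return one alert per suspicious line. */
function scan_log(string $log): array
{
    $alerts = [];
    foreach (explode("\n", trim($log)) as $line) {
        $hits = lfi_indicators($line);
        if ($hits !== []) {
            $alerts[] = [
                'ip'         => strtok($line, ' '),
                'indicators' => $hits,
                'line'       => $line,
            ];
        }
    }
    return $alerts;
}

foreach (scan_log(SAMPLE_LOG) as $alert) {
    printf("%s  [%s]\n  %s\n", $alert['ip'], implode(',', $alert['indicators']), $alert['line']);
}
```

Run against the constructed sample, the script flags the three requests from 203.0.113.9 (traversal plus sensitive file, traversal plus null byte plus sensitive file, and a php:// wrapper) and leaves the two legitimate template requests alone. The same patterns are what a WAF rule for this parameter should match on, with the double decoding being the detail most often missed.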
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-01-23T14:53:08.867Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68518788a8c921274385debb
Added to database: 6/17/2025, 3:19:36 PM
Last enriched: 6/17/2025, 4:22:18 PM
Last updated: 8/15/2025, 8:06:05 PM
Views: 10
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)