CVE-2025-25172 is a high-severity vulnerability classified under CWE-98, which involves improper control of filenames used in include or require statements within PHP programs. Specifically, this vulnerability affects the beeteam368 VidMov product, versions up to and including 1.9.4. The flaw allows for PHP Local File Inclusion (LFI), where an attacker can manipulate the filename parameter used in include or require statements to cause the application to load unintended files from the server. This can lead to arbitrary code execution, disclosure of sensitive information, or complete system compromise. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, but it has a high attack complexity, indicating some conditions or constraints must be met for successful exploitation. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability. The vulnerability was reserved in early 2025 and published in August 2025, with no known exploits in the wild at the time of reporting. The absence of patch links suggests that a fix may not yet be publicly available or is pending release. The root cause lies in insufficient validation or sanitization of user-controlled input that determines which files are included by the PHP application, enabling attackers to traverse directories or specify local files to be included and executed by the server.

For European organizations using the beeteam368 VidMov software, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized disclosure of sensitive data, including configuration files, credentials, or user data, severely impacting confidentiality. Integrity could be compromised by injecting malicious code or altering application behavior, potentially enabling persistent backdoors or pivoting within the network. Availability may also be affected if attackers disrupt service or cause application crashes. Given that VidMov is a media management or streaming-related product, organizations relying on it for content delivery or internal media workflows could face operational disruptions. The remote and unauthenticated nature of the exploit increases the attack surface, especially for internet-facing deployments. European organizations with regulatory obligations under GDPR must consider the potential data breach implications and associated compliance risks. The lack of known exploits currently provides a window for proactive mitigation before widespread attacks emerge.

Organizations should immediately audit their use of beeteam368 VidMov and identify all instances of the affected versions (up to 1.9.4). Until an official patch is released, implement strict input validation and sanitization on any parameters that influence file inclusion. Employ web application firewalls (WAFs) with rules designed to detect and block suspicious file inclusion attempts, such as directory traversal patterns or unexpected file extensions. Restrict PHP include paths and disable allow_url_include and allow_url_fopen directives in PHP configurations to reduce the risk of remote file inclusion. Conduct thorough code reviews to identify and refactor unsafe include/require statements, replacing dynamic includes with fixed or whitelisted paths. Monitor logs for anomalous access patterns indicative of exploitation attempts. Additionally, isolate VidMov instances in segmented network zones with minimal privileges to limit lateral movement if compromised. Prepare incident response plans specific to this vulnerability to enable rapid containment and recovery once patches become available.