CVE-2025-47571 is a high-severity vulnerability classified under CWE-98, which pertains to improper control of filenames used in include or require statements within PHP programs. Specifically, this vulnerability affects the highwarden Super Store Finder product, versions up to and including 6.9.7. The flaw allows an attacker to perform Remote File Inclusion (RFI), a critical security issue where an attacker can manipulate the filename parameter in PHP include/require statements to load and execute malicious code from a remote server. This occurs because the application does not properly validate or sanitize user-supplied input that determines which files are included. Exploiting this vulnerability could enable an attacker to execute arbitrary PHP code on the affected server, leading to full system compromise. The CVSS v3.1 base score is 7.5, indicating a high severity level. The vector string (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) shows that the attack can be performed remotely over the network without privileges but requires user interaction. The attack complexity is high, meaning exploitation is not trivial but possible. Successful exploitation impacts confidentiality, integrity, and availability severely, allowing data theft, modification, or denial of service. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in May 2025 and published in September 2025, indicating recent discovery and disclosure. Given the nature of Super Store Finder as a location-based store locator tool often integrated into websites, compromised systems could serve as a pivot point for further attacks or data breaches.

For European organizations using highwarden Super Store Finder, this vulnerability poses significant risks. Attackers exploiting this flaw could gain unauthorized access to sensitive customer data, including location information and possibly payment or user credentials if integrated with e-commerce systems. The ability to execute arbitrary code remotely could lead to website defacement, data exfiltration, or deployment of ransomware. Retailers and service providers relying on Super Store Finder for customer engagement may face operational disruptions, reputational damage, and regulatory penalties under GDPR if personal data is compromised. The requirement for user interaction (e.g., clicking a malicious link) slightly reduces risk but does not eliminate it, especially in phishing-prone environments. The high attack complexity may limit widespread exploitation but targeted attacks against high-value European businesses remain a concern. Additionally, compromised web servers could be used as launchpads for attacks against other internal systems, amplifying the impact.

European organizations should immediately audit their web applications to identify deployments of highwarden Super Store Finder, especially versions up to 6.9.7. Until an official patch is released, implement the following mitigations: 1) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious include/require parameter manipulations and known RFI attack patterns. 2) Disable remote file inclusion capabilities in PHP configurations by setting 'allow_url_include' to 'Off' and 'allow_url_fopen' to 'Off' if not required. 3) Apply strict input validation and sanitization on all user-supplied parameters that influence file inclusion, using whitelisting approaches to restrict allowed filenames. 4) Monitor web server logs for anomalous requests that attempt to include external URLs or unusual file paths. 5) Educate users and staff about phishing risks to reduce the likelihood of user interaction exploitation. 6) Prepare for rapid patch deployment once the vendor releases an official fix. 7) Consider isolating the affected application in a segmented network zone to limit lateral movement in case of compromise.