CVE-2025-49252: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in thembay Besa

High
Tags: Vulnerability, CVE-2025-49252, cve, cwe-98
Published: Tue Jun 17 2025 (06/17/2025, 15:01:29 UTC)
Source: CVE Database V5
Vendor/Project: thembay
Product: Besa

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through 2.3.8.

AI-Powered Analysis

Last updated: 06/17/2025, 15:53:46 UTC

Technical Analysis

CVE-2025-49252 is a high-severity vulnerability classified under CWE-98, which pertains to improper control of filenames used in include or require statements within PHP applications. Specifically, this vulnerability affects the thembay Besa product, versions up to and including 2.3.8. The flaw allows an attacker to perform a PHP Local File Inclusion (LFI) attack by manipulating the filename parameter that is used in include or require statements without proper validation or sanitization. This can lead to the inclusion and execution of arbitrary local files on the server. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:H/PR:N/UI:N). However, the attack complexity is high (AC:H), meaning that exploitation requires specific conditions or knowledge, such as the presence of certain files or configurations on the target system. The impact of successful exploitation is critical, affecting confidentiality, integrity, and availability (C:H/I:H/A:H). An attacker could execute arbitrary code, read sensitive files, or cause denial of service by including malicious or unintended files. No known exploits are currently reported in the wild, and no patches or fixes have been published at the time of this analysis. The vulnerability was reserved and published in June 2025, indicating it is a recent discovery. Given the nature of PHP applications and the widespread use of thembay Besa in web environments, this vulnerability poses a significant risk to affected systems if left unmitigated.

Potential Impact

For European organizations, the impact of CVE-2025-49252 can be substantial, especially for those relying on the thembay Besa PHP product in their web infrastructure. Successful exploitation could lead to unauthorized disclosure of sensitive data, including personal data protected under GDPR, resulting in regulatory penalties and reputational damage. Integrity of web applications could be compromised, allowing attackers to inject malicious code or deface websites, undermining trust and business continuity. Availability may also be affected if attackers leverage the vulnerability to cause denial of service or disrupt critical services. Sectors such as e-commerce, government portals, and financial services that commonly use PHP-based CMS or frameworks may be particularly vulnerable. The high severity and remote exploitability without authentication increase the urgency for European entities to assess their exposure and implement mitigations promptly. Additionally, the lack of known exploits in the wild suggests a window of opportunity to proactively secure systems before widespread attacks occur.

Mitigation Recommendations

1. Immediate code review and validation: Organizations should audit all include and require statements in their thembay Besa installations to ensure that filenames are strictly validated against a whitelist of allowed files or sanitized to prevent directory traversal or injection of malicious paths.
2. Apply virtual patching: Until an official patch is released, implement web application firewall (WAF) rules to detect and block suspicious requests attempting to exploit file inclusion, such as those containing directory traversal sequences or unexpected parameters.
3. Restrict file permissions: Limit the web server's file system permissions to prevent access to sensitive files that could be included maliciously.
4. Disable remote file inclusion features: If possible, configure PHP settings such as 'allow_url_include' to 'Off' to prevent inclusion of remote files.
5. Monitor logs and alerts: Set up monitoring for unusual access patterns or errors related to file inclusion attempts to detect early exploitation attempts.
6. Plan for patch deployment: Stay informed on vendor updates and apply official patches as soon as they become available.
7. Isolate vulnerable components: Where feasible, isolate the thembay Besa application in a segmented network zone to limit potential lateral movement in case of compromise.
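The following is an added example, not code from thembay Besa or from this advisory, showing the CWE-98 shape described above (a request value reaching include() unvalidated) beside the allowlist-and-realpath replacement that recommendation 1 calls for; the parameter name 'template', the template file names and the directory layout are assumptions.

```php
<?php
// Added example (not thembay Besa code): the CWE-98 pattern behind
// CVE-2025-49252 and an allowlist-based replacement.
// The 'template' parameter and the file names below are assumptions.

// Vulnerable shape: the request value reaches include() unvalidated,
// so traversal sequences or absolute paths select arbitrary local files.
function render_unsafe(string $template): void
{
    include __DIR__ . '/templates/' . $template . '.php';
}

// Hardened shape: map the request value through a fixed allowlist and
// verify the resolved path still lies inside the templates directory.
const TEMPLATE_ALLOWLIST = [
    'product'  => 'product.php',
    'cart'     => 'cart.php',
    'checkout' => 'checkout.php',
];

function resolve_template(string $name): ?string
{
    if (!array_key_exists($name, TEMPLATE_ALLOWLIST)) {
        return null;                       // unknown key: refuse, never guess
    }
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . TEMPLATE_ALLOWLIST[$name]);
    // realpath() returns false for a missing file; the prefix check guards
    // against symlinks or a misconfigured base pointing outside the tree.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_safe(string $name): void
{
    $path = resolve_template($name);
    if ($path === null) {
        http_response_code(400);
        // Rejected keys are logged so recommendation 5 (monitoring) has a signal.
        error_log('rejected template include: ' . $name);
        return;
    }
    include $path;
}

// Only an allowlisted key is ever read from the request.
render_safe((string)($_GET['template'] ?? 'product'));
```

Pair this with allow_url_include=Off in php.ini (recommendation 4): the allowlist stops local inclusion, the ini setting stops the remote variant even if a later code change reintroduces an unvalidated include.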

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-06-04T09:41:05.254Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68518789a8c921274385df21

Added to database: 6/17/2025, 3:19:37 PM

Last enriched: 6/17/2025, 3:53:46 PM

Last updated: 8/6/2025, 8:20:02 AM
