CVE-2025-49252: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in thembay Besa
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through 2.3.8.
AI Analysis
Technical Summary
CVE-2025-49252 is a high-severity vulnerability classified under CWE-98, improper control of the filename used in a PHP include or require statement. It affects the thembay Besa product, a WordPress theme, in all versions up to and including 2.3.8. Although CWE-98 is titled 'PHP Remote File Inclusion', the advisory text reports PHP Local File Inclusion (LFI): a request-controlled value reaches an include or require statement without adequate validation, so an attacker can steer it to files already present on the server. Because PHP executes whatever it includes, this is more than a file-read primitive: including a file the attacker can influence (an uploaded file, a log entry carrying injected PHP, a session file) leads to code execution, while including other readable files discloses their contents. The CVSS 3.1 vector fragments given for this entry (AV:N/AC:H/PR:N/UI:N) indicate exploitation over the network with no authentication and no user interaction; the high attack complexity (AC:H) indicates that success depends on conditions the attacker does not directly control, such as the presence of a suitable file to include or a particular server configuration. The impact metrics are all high (C:H/I:H/A:H): arbitrary code execution, disclosure of sensitive files, or denial of service by including unintended files. No exploitation in the wild and no vendor patch had been reported at the time of this analysis. The CVE was reserved and published in June 2025. Because a storefront theme is by definition reachable by anonymous visitors, the exposure is direct, and the issue should be treated as urgent until a fixed version is installed.
Potential Impact
For European organizations, the impact of CVE-2025-49252 can be substantial for those running the thembay Besa theme in their web infrastructure. Successful exploitation could lead to unauthorized disclosure of sensitive data, including personal data protected under GDPR, with regulatory penalties and reputational damage as consequences. Integrity of the web application could be compromised, allowing attackers to inject malicious code or deface the site and undermining trust and business continuity. Availability may also be affected if attackers use the vulnerability to cause denial of service or disrupt critical services. Only sites running Besa are affected; within that population, e-commerce storefronts handling customer and order data are the most exposed. The high severity and remote exploitability without authentication make it urgent for European entities to confirm whether Besa is installed and at which version, and to apply mitigations promptly. The absence of known exploits in the wild offers a window in which to secure systems before widespread attacks occur.
Mitigation Recommendations
1. Confirm exposure and review the code: check the installed theme version (the Version header in the theme's style.css) against the affected range, and audit include and require statements in the Besa theme and any child theme for filenames derived from request data ($_GET, $_POST, $_REQUEST, $_COOKIE). Filenames should be validated against an allowlist of shipped templates, never assembled from raw input, and any resolved path should be checked to lie inside the intended directory.
2. Apply virtual patching: until an official fix is released, deploy web application firewall (WAF) rules that block requests attempting file inclusion, including directory traversal sequences in plain and URL-encoded forms (../, ..\, %2e%2e%2f, %2e%2e%5c), null bytes (%00), and PHP stream wrappers (php://, data://, expect://) in request parameters.
3. Restrict file system access: run PHP under a least-privilege account, keep wp-config.php and other sensitive files readable only by that account, and consider an open_basedir restriction, which also limits the paths that include and require can resolve.
4. Keep remote inclusion disabled: ensure allow_url_include is Off (it defaults to Off and is deprecated since PHP 7.4). Note that this only prevents inclusion of remote URLs; it does not stop the local file inclusion this advisory describes, so it is a baseline hardening measure rather than a mitigation for this CVE.
5. Monitor logs and alerts: watch web server and PHP error logs for traversal patterns, unexpected values in template or page parameters, and "failed to open stream" include errors, which indicate probing before a working payload is found.
6. Plan for patch deployment: track vendor updates and apply a fixed version of Besa as soon as it becomes available.
7. Isolate vulnerable components: where feasible, place the site running Besa in a segmented network zone with minimal outbound access to limit lateral movement if it is compromised.
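The following is an added example, not code from the Besa theme or from this advisory. It shows the CWE-98 pattern the analysis describes (a request parameter flowing straight into include) next to a hardened replacement that applies the allowlist and path-containment checks recommended above. The parameter name, template names and directory layout are hypothetical; the self-test at the bottom builds its own temporary template directory.

```php
<?php
// Added example: the CWE-98 pattern this advisory describes, and a hardened
// replacement. Template names and directory layout are hypothetical; none of
// this is code from the Besa theme.

// --- Vulnerable pattern: a request parameter flows straight into include ---
// A request such as ?template=../../../../etc/passwd includes a file outside
// the template directory; if the attacker can get PHP code into any readable
// file (upload, log line), PHP executes it.
function render_template_vulnerable(string $baseDir, string $requested): void
{
    include $baseDir . '/' . $requested . '.php';
}

// --- Hardened version ---
// 1. Syntactic check: only a plain identifier is accepted (no '/', '\', ':',
//    '.', or null bytes, so traversal and stream wrappers fail here).
// 2. Allowlist: only templates the theme ships may be included.
// 3. Containment: resolve with realpath() and confirm the result is still
//    inside the template directory (defence in depth, also covers symlinks).
const ALLOWED_TEMPLATES = ['header', 'footer', 'product-grid', 'sidebar'];

function resolve_template(string $baseDir, string $requested): ?string
{
    if (!preg_match('/\A[a-z0-9][a-z0-9_-]{0,63}\z/', $requested)) {
        return null;
    }
    if (!in_array($requested, ALLOWED_TEMPLATES, true)) {
        return null;
    }
    $root = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($root === false || $path === false) {
        return null; // directory or template file does not exist
    }
    // The resolved file must sit below $root (root + separator prefix).
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_template_hardened(string $baseDir, string $requested): void
{
    $path = resolve_template($baseDir, $requested);
    if ($path === null) {
        http_response_code(400);
        echo 'Unknown template';
        return;
    }
    include $path;
}

// Self-test against a temporary template directory constructed here.
$dir = sys_get_temp_dir() . '/tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/header.php", "<?php echo 'header ok';");

$cases = [
    'header'                   => true,  // allowlisted and present
    'footer'                   => false, // allowlisted but file missing
    '../../../../etc/passwd'   => false, // traversal
    "header\0"                 => false, // null byte
    'php://filter/resource=x'  => false, // stream wrapper
    'HEADER'                   => false, // not on the allowlist (case)
];
foreach ($cases as $input => $expected) {
    $got = resolve_template($dir, $input) !== null;
    printf("%-40s %s\n", json_encode($input), $got === $expected ? 'PASS' : 'FAIL');
}

unlink("$dir/header.php");
rmdir($dir);
```

Run it with the PHP CLI; every case should print PASS. The allowlist is the control that actually closes the hole; the identifier regex and realpath containment are there so that a later change to the allowlist (or a template name containing a slash) cannot quietly reopen it.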
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-06-04T09:41:05.254Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68518789a8c921274385df21
Added to database: 6/17/2025, 3:19:37 PM
Last enriched: 6/17/2025, 3:53:46 PM
Last updated: 8/12/2025, 5:48:46 PM
Views: 11
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)