CVE-2025-49360 is a Local File Inclusion (LFI) vulnerability found in the AncoraThemes Militarology WordPress theme, versions up to 1.0.15. The vulnerability arises from improper control of the filename parameter used in PHP include or require statements, allowing an attacker to manipulate the input to include arbitrary files from the server's filesystem. This can lead to disclosure of sensitive files such as configuration files, password files, or other critical data. In some cases, if combined with other vulnerabilities or misconfigurations, it may enable remote code execution by including files containing malicious code. The vulnerability does not require authentication, making it accessible to unauthenticated attackers scanning for vulnerable installations. Although no public exploits are currently known, the flaw is significant due to the widespread use of WordPress themes and the common practice of including files dynamically in PHP. The lack of a CVSS score indicates that the vulnerability is newly published and awaiting further analysis. The theme's improper input validation and sanitization of the filename parameter is the root cause, highlighting a common security oversight in PHP-based web applications. The vulnerability was reserved in June 2025 and published in December 2025, indicating recent discovery and disclosure.

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information, including credentials, internal configuration, or personal data, potentially violating GDPR requirements. If exploited, attackers could gain insights into the internal structure of web servers, facilitating further attacks such as privilege escalation or lateral movement. The availability of the affected theme in multiple European countries increases the risk of widespread exploitation. Organizations relying on the Militarology theme for their websites may face reputational damage, data breaches, and operational disruptions. The vulnerability's ability to be exploited without authentication lowers the barrier for attackers, increasing the likelihood of automated scanning and exploitation attempts. Additionally, the exposure of sensitive files could aid attackers in crafting targeted phishing or social engineering campaigns against European entities. The impact is particularly critical for sectors handling sensitive data, such as finance, healthcare, and government institutions within Europe.

Immediate mitigation involves disabling or removing the Militarology theme from production environments until a secure patch is available. Organizations should monitor the AncoraThemes vendor channels for official updates or patches addressing this vulnerability. In the absence of a patch, manual code review and modification are recommended to sanitize and validate all input parameters used in include/require statements, ensuring only allowed files can be included. Implementing a whitelist of permissible files or using fixed file paths instead of dynamic inputs can prevent exploitation. Web application firewalls (WAFs) should be configured to detect and block suspicious requests attempting to manipulate include parameters. Regularly auditing web server logs for unusual access patterns or attempts to include local files can help detect exploitation attempts early. Additionally, organizations should ensure that file permissions on the server restrict access to sensitive files, limiting the potential impact of LFI attacks. Conducting security awareness training for developers on secure coding practices related to file inclusion is also advisable.