CVE-2025-49935 is a Remote File Inclusion (RFI) vulnerability found in the xtemos WoodMart WordPress theme versions prior to 8.3.2. The vulnerability arises from improper validation and control of filenames passed to PHP include or require statements. This flaw allows an attacker with at least low-level privileges (PR:L) to manipulate the filename parameter to include remote or local files. Since the vulnerability is remotely exploitable over the network (AV:N) without user interaction (UI:N), it poses a significant risk. Successful exploitation can lead to partial compromise of confidentiality, integrity, and availability (C:L/I:L/A:L) of the affected web server. Attackers may execute arbitrary PHP code, access sensitive files, or cause denial of service by including malicious payloads. The vulnerability has a CVSS v3.1 base score of 7.4, reflecting its high severity. Although no known exploits are currently reported in the wild, the widespread use of WoodMart in e-commerce and business websites makes this a critical issue to address. The vulnerability was publicly disclosed in October 2025, with a reservation date in June 2025. No official patches or mitigation links were provided in the source data, indicating the need for users to monitor vendor updates closely.

The impact of CVE-2025-49935 is significant for organizations using the vulnerable WoodMart theme. Exploitation can lead to unauthorized code execution, allowing attackers to compromise website functionality, steal sensitive data, or deploy malware. This can result in data breaches, defacement, loss of customer trust, and potential regulatory penalties. The ability to include remote files increases the attack surface, enabling attackers to execute arbitrary scripts hosted externally. The vulnerability affects the confidentiality, integrity, and availability of affected systems. E-commerce sites using WoodMart are particularly at risk, as attackers could manipulate transactions or customer data. The requirement for low-level privileges means that attackers may need to compromise a low-privileged account first, but no user interaction is needed, facilitating automated exploitation. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency of remediation due to the vulnerability's high severity and potential impact.

1. Immediately update WoodMart themes to version 8.3.2 or later once available, as this is the definitive fix for the vulnerability. 2. In the absence of an official patch, implement strict input validation and sanitization on any parameters that control file inclusion to prevent malicious input. 3. Disable the allow_url_include directive in PHP configuration to prevent remote file inclusion if not required by the application. 4. Employ Web Application Firewalls (WAFs) with rules designed to detect and block attempts to exploit file inclusion vulnerabilities. 5. Restrict file permissions on the web server to limit the ability of the web application to read or execute unauthorized files. 6. Monitor logs for suspicious requests attempting to manipulate include or require parameters. 7. Limit user privileges to the minimum necessary to reduce the risk posed by low-privileged accounts. 8. Conduct regular security audits and vulnerability scans focusing on WordPress themes and plugins. 9. Educate development and operations teams about secure coding practices related to file inclusion. 10. Maintain an incident response plan to quickly address any exploitation attempts.