CVE-2025-49935: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in xtemos WoodMart
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion. This issue affects WoodMart: from n/a through < 8.3.2.
AI Analysis
Technical Summary
CVE-2025-49935 is a vulnerability classified as 'Improper Control of Filename for Include/Require Statement in PHP Program,' commonly referred to as a Remote File Inclusion (RFI) vulnerability, found in the xtemos WoodMart WordPress theme. The vulnerability affects all versions prior to 8.3.2 and allows an attacker with low privileges to manipulate the filename parameter used in PHP include or require statements. This manipulation can cause the application to include and execute remote or local malicious files. The vulnerability arises because the application fails to properly validate or sanitize user-supplied input that controls the file path for inclusion. Exploiting this flaw can lead to remote code execution, enabling attackers to execute arbitrary PHP code on the server, potentially leading to data leakage, defacement, or denial of service. The CVSS v3.1 base score is 7.4, reflecting a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and a scope change (S:C), with partial impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). Although no public exploits are currently known, the vulnerability's nature and severity make it a critical risk for websites using vulnerable WoodMart versions. The issue was reserved in June 2025 and published in October 2025, indicating recent discovery and disclosure. The lack of official patch links suggests that users should monitor vendor updates closely or apply temporary mitigations. Given WoodMart's role as a popular e-commerce theme, exploitation could disrupt business operations and compromise customer data.
Potential Impact
For European organizations, particularly those operating e-commerce platforms or websites using the WoodMart theme, this vulnerability poses a significant threat. Successful exploitation could lead to unauthorized remote code execution, allowing attackers to manipulate website content, steal sensitive customer data, or disrupt service availability. This can result in financial losses, reputational damage, and regulatory penalties under GDPR due to data breaches. The scope change in the vulnerability means that an attacker can escalate privileges or impact other components beyond the initial vulnerable application. Since the attack vector is network-based and requires only low privileges without user interaction, the risk of automated exploitation or wormable attacks exists once exploit code becomes available. Organizations relying on WoodMart for critical business functions or handling personal data are particularly vulnerable. Additionally, the potential for defacement or malware injection could harm customer trust and brand integrity. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score demands urgent attention.
Mitigation Recommendations
1. Immediately upgrade the WoodMart theme to version 8.3.2 or later once available from the vendor to apply official patches addressing this vulnerability.
2. Until patching is possible, implement strict input validation and sanitization on all parameters controlling file inclusion paths to prevent injection of malicious filenames.
3. Deploy Web Application Firewall (WAF) rules specifically designed to detect and block suspicious include/require requests or attempts to access remote files.
4. Restrict PHP configuration settings such as 'allow_url_include' and 'allow_url_fopen' to 'Off' to prevent remote file inclusion via URL wrappers.
5. Conduct a thorough audit of server and application logs to detect any anomalous file inclusion attempts or suspicious activity.
6. Limit privileges of web server processes and application users to minimize the impact of potential exploitation.
7. Regularly back up website data and configurations to enable rapid recovery in case of compromise.
8. Monitor threat intelligence sources for any emerging exploit code or attack campaigns targeting this vulnerability.
9. Educate development and security teams about secure coding practices related to file inclusion and input validation.
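The input validation that recommendations 2 and 4 call for, as an added illustration that is not WoodMart's code: a template-loading function (hypothetical name, parameter and allowlist) in its weak form beside a hardened form that allowlists the name and confines the resolved path to the templates directory.

```php
<?php
// Added illustration of CWE-98 (hypothetical helper, not from WoodMart):
// a template loader whose file name comes from the request.

// Weak pattern: the request value flows straight into include. With
// allow_url_include=On this accepts URLs; even with it Off, "../" still
// reaches arbitrary local files and stream wrappers remain usable.
function load_template_weak(string $name): void {
    include __DIR__ . '/templates/' . $name . '.php';
}

// Hardened pattern: only names the application defines are ever included,
// and the canonical path is checked to stay inside the templates directory.
const TEMPLATE_ALLOWLIST = ['product', 'cart', 'checkout'];

function resolve_template(string $name): ?string {
    // 1. Structural check: a bare identifier, no separators, no scheme.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. Allowlist check: strict comparison against known template names.
    if (!in_array($name, TEMPLATE_ALLOWLIST, true)) {
        return null;
    }
    // 3. Path containment: realpath() collapses symlinks and "..", so the
    //    result must still begin with the canonical templates directory.
    $base = realpath(__DIR__ . '/templates');
    $path = $base === false ? false : realpath($base . '/' . $name . '.php');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function load_template_safe(string $name): void {
    $path = resolve_template($name);
    if ($path === null) {
        http_response_code(400);
        exit('unknown template');
    }
    include $path;
}

// Constructed inputs: each is rejected before any file system access.
var_dump(resolve_template('../../secret'));                // NULL (check 1)
var_dump(resolve_template('http://example.invalid/x'));    // NULL (check 1)
var_dump(resolve_template('admin'));                       // NULL (check 2)
```

On a real install, `resolve_template('product')` returns the canonical path of `templates/product.php` and NULL if that file is absent, so the include never runs on an unresolved name; pair this with `allow_url_include=Off` in php.ini as a second layer.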
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-06-11T16:07:15.642Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68f8efec04677bbd7943985a
Added to database: 10/22/2025, 2:53:32 PM
Last enriched: 11/20/2025, 12:14:52 PM
Last updated: 12/13/2025, 11:46:48 PM
Views: 34