CVE-2025-58942 is a vulnerability classified as Improper Control of Filename for Include/Require Statement in PHP programs, commonly known as a Remote File Inclusion (RFI) vulnerability. It affects the axiomthemes Dwell WordPress theme up to version 1.7.0. The root cause is insufficient validation or sanitization of user-controlled input used in PHP include or require statements, which allows an attacker to manipulate the filename parameter to include arbitrary files. This can be exploited remotely by crafting a specially crafted URL or request that causes the server to load and execute malicious code from a remote or local file. The impact includes arbitrary code execution, full site takeover, data leakage, and potential pivoting within the hosting environment. The vulnerability does not require authentication, increasing its risk profile. No CVSS score has been assigned yet, and no public exploits have been reported, but the nature of RFI vulnerabilities historically leads to rapid exploitation once disclosed. The affected product, Dwell, is a WordPress theme, widely used in various sectors for website presentation, making the attack surface significant for organizations relying on this theme. The vulnerability was reserved in September 2025 and published in December 2025, indicating recent discovery and disclosure.

For European organizations, this vulnerability poses a high risk to the confidentiality, integrity, and availability of web assets. Exploitation can lead to full compromise of websites running the Dwell theme, enabling attackers to execute arbitrary PHP code, deface websites, steal sensitive user data, or deploy malware such as web shells or ransomware. This can disrupt business operations, damage brand reputation, and lead to regulatory penalties under GDPR if personal data is exposed. Organizations with e-commerce platforms, media outlets, or public-facing portals using WordPress and the Dwell theme are particularly vulnerable. The ease of exploitation without authentication increases the likelihood of automated scanning and mass exploitation campaigns targeting European websites. Additionally, compromised sites can be used as launchpads for further attacks against internal networks or customers, amplifying the impact.

1. Immediately update the Dwell theme to a patched version once available from axiomthemes or remove the theme if it is not actively used. 2. If patching is not immediately possible, disable the theme or restrict access to vulnerable endpoints via web server configuration or firewall rules. 3. Implement strict input validation and sanitization on all parameters that influence file inclusion to prevent injection of malicious paths. 4. Deploy a Web Application Firewall (WAF) with rules to detect and block Remote File Inclusion attempts, including suspicious URL parameters and payloads. 5. Conduct a thorough security audit of all WordPress plugins and themes to identify similar vulnerabilities. 6. Monitor web server logs for unusual requests or errors indicative of exploitation attempts. 7. Educate web administrators on secure coding practices and the risks of including user-controlled input in file operations. 8. Regularly back up website data and configurations to enable rapid recovery in case of compromise.