CVE-2025-58944: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in axiomthemes Manufactory
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion. This issue affects Manufactory: from n/a through <= 1.4.
AI Analysis
Technical Summary
CVE-2025-58944 is a Remote File Inclusion (RFI) vulnerability found in the axiomthemes Manufactory WordPress theme, specifically in versions up to 1.4. The vulnerability arises from improper control of the filename parameter used in PHP include or require statements, allowing an attacker to specify a remote file that the server will include and execute. This flaw enables attackers to execute arbitrary PHP code remotely without authentication or user interaction, posing a severe risk to the confidentiality and integrity of affected systems. The vulnerability is network exploitable (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), with a CVSS v3.1 base score of 8.2, reflecting its high severity. The impact primarily affects confidentiality (C:H) with some integrity impact (I:L) but no availability impact (A:N). Although no public exploits are currently known, the vulnerability's nature and ease of exploitation make it a critical concern for websites using this theme. The vulnerability was reserved in September 2025 and published in December 2025, indicating recent discovery. The lack of available patches or updates at the time of publication increases the urgency for mitigation. Attackers exploiting this vulnerability could execute arbitrary code, steal sensitive data, or pivot within the compromised environment. Given the widespread use of WordPress and themes like Manufactory, this vulnerability could be leveraged in targeted attacks or mass exploitation campaigns.
Potential Impact
For European organizations, this vulnerability poses a significant threat to websites and web applications using the Manufactory theme. Successful exploitation can lead to unauthorized code execution, data breaches, website defacement, and potential lateral movement within internal networks. Confidential information stored or processed by the affected websites could be exposed, leading to compliance violations under GDPR and other data protection regulations. The integrity of web content and backend systems may be compromised, damaging organizational reputation and trust. Since the vulnerability requires no authentication and no user interaction, automated exploitation attempts could rapidly affect multiple targets. Organizations relying on Manufactory for e-commerce, corporate presence, or customer portals are particularly at risk. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score and ease of exploitation suggest attackers may develop exploits soon. The impact extends beyond individual websites to potentially affect connected systems and services within the European digital ecosystem.
Mitigation Recommendations
1. Immediately audit all WordPress installations for the presence of the Manufactory theme, especially versions up to 1.4.
2. If possible, upgrade to a patched version once available; monitor vendor announcements for updates.
3. In the absence of patches, implement web application firewall (WAF) rules to block suspicious requests attempting to manipulate include/require parameters or remote file URLs.
4. Restrict PHP configuration to disable remote file inclusion by setting 'allow_url_include' to 'Off' and 'allow_url_fopen' to 'Off' where feasible.
5. Harden server configurations to limit PHP execution to trusted directories and disable unnecessary PHP functions.
6. Conduct regular file integrity monitoring to detect unauthorized changes to theme files.
7. Employ network-level monitoring and intrusion detection systems to identify anomalous outbound connections indicative of exploitation attempts.
8. Educate web administrators about the risks of using outdated themes and the importance of timely updates.
9. Consider isolating critical web applications in segmented network zones to limit potential lateral movement.
10. Prepare incident response plans to quickly address any detected exploitation.
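A sketch of the audit in steps 1 and 4, added here as an example and not taken from the advisory or the vendor: it finds copies of the theme under a web root, reads the `Version:` header from each `style.css`, and reports which of the two PHP URL directives a `php.ini` leaves enabled. The function names, the sample sites, their version strings and the sample `php.ini` are constructed for illustration; the theme slug `manufactory` and the `<= 1.4` bound come from the advisory text.

```python
import re
import tempfile
from pathlib import Path

THEME_SLUG = "manufactory"   # theme directory slug named in the advisory
LAST_AFFECTED = (1, 4)       # advisory: affected through <= 1.4
PHP_DEFAULTS = {"allow_url_include": "0", "allow_url_fopen": "1"}  # PHP built-in defaults

def parse_version(css_text):
    """Return the style.css header version as a tuple, or None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", css_text, re.M | re.I)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 1.4.0 as 1.4
        parts.pop()
    return tuple(parts)

def audit_themes(root):
    """List (theme_dir, version, affected); an unreadable version counts as affected."""
    findings = []
    for css in sorted(Path(root).rglob(f"wp-content/themes/{THEME_SLUG}/style.css")):
        ver = parse_version(css.read_text(errors="replace"))
        findings.append((str(css.parent), ver, ver is None or ver <= LAST_AFFECTED))
    return findings

def risky_url_settings(ini_text):
    """Return the URL directives left enabled (last assignment wins, ';' starts a comment)."""
    values = dict(PHP_DEFAULTS)
    for line in ini_text.splitlines():
        m = re.match(r'\s*(allow_url_(?:include|fopen))\s*=\s*"?(\w*)',
                     line.split(";", 1)[0], re.I)
        if m:
            values[m.group(1).lower()] = m.group(2).lower()
    return sorted(k for k, v in values.items()
                  if v in ("on", "true", "yes") or (v.isdigit() and int(v)))

def demo():
    """Run both checks on a constructed web root and a constructed php.ini."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "1.4"), ("site-b", "1.5.1"), ("site-c", None)):
            d = Path(tmp, site, "wp-content", "themes", THEME_SLUG)
            d.mkdir(parents=True)
            version_line = f"Version: {ver}\n" if ver else ""
            (d / "style.css").write_text(f"/*\nTheme Name: Manufactory\n{version_line}*/\n")
        themes = [(Path(p).parts[-4], v, bad) for p, v, bad in audit_themes(tmp)]
    ini = "[PHP]\nallow_url_fopen = On\n;allow_url_include = On\n"  # constructed sample
    return themes, risky_url_settings(ini)

if __name__ == "__main__":
    print(demo())
```

Point `audit_themes` at the directory that holds your sites and feed `risky_url_settings` the contents of the `php.ini` the web server's PHP actually loads, since per-pool or per-directory overrides are not covered here.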
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-06T04:44:54.905Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6943b0454eb3efac366ff8ed
Added to database: 12/18/2025, 7:41:57 AM
Last enriched: 1/28/2026, 7:44:47 PM
Last updated: 2/4/2026, 6:36:12 PM