CVE-2025-58967 is a Remote File Inclusion (RFI) vulnerability found in the ThemeMove Businext WordPress theme, affecting all versions prior to 2.4.4. The vulnerability arises from improper validation and control of filenames used in PHP include or require statements, allowing an attacker to supply a crafted filename parameter that causes the application to include and execute remote PHP code. This flaw enables remote attackers to execute arbitrary code on the web server without authentication or user interaction, potentially leading to data disclosure, website defacement, or further network compromise. The vulnerability has a CVSS 3.1 base score of 8.2, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and an impact primarily on confidentiality (C:H), with limited integrity impact (I:L) and no availability impact (A:N). Although no public exploits are currently known, the nature of RFI vulnerabilities makes them attractive targets for attackers to deploy web shells or malware. The vulnerability affects the Businext theme, which is used by business and corporate WordPress sites, making it a critical risk for organizations relying on this theme for their online presence. The issue was reserved in early September 2025 and published in late October 2025, indicating recent discovery and disclosure. No official patches or mitigation links were provided in the source data, emphasizing the need for users to seek updates from the vendor or apply manual mitigations.

The impact of CVE-2025-58967 is significant for organizations using the vulnerable Businext theme. Successful exploitation allows remote attackers to execute arbitrary PHP code on the web server, potentially leading to full website compromise. This can result in unauthorized data access or theft, defacement of websites, insertion of malicious content such as malware or phishing pages, and use of the compromised server as a pivot point for further attacks within the organization's network. The confidentiality of sensitive business data and customer information is at high risk. Although availability impact is not directly indicated, secondary effects such as website downtime or blacklisting by search engines can occur. The ease of exploitation without authentication or user interaction increases the likelihood of attacks, especially against publicly accessible websites. Organizations relying on Businext for their corporate or business websites face reputational damage and potential regulatory consequences if customer data is exposed. The threat is particularly relevant for sectors with high online presence and sensitive data, including finance, healthcare, and e-commerce.

To mitigate CVE-2025-58967, organizations should immediately upgrade the Businext theme to version 2.4.4 or later once available from the vendor, as this is the definitive fix for the vulnerability. Until an official patch is applied, administrators should implement strict input validation and sanitization on any parameters used in include or require statements to prevent remote file paths. Disabling allow_url_include and allow_url_fopen directives in the PHP configuration can reduce the risk of remote file inclusion. Employing a Web Application Firewall (WAF) with rules to detect and block suspicious include or require requests can provide an additional layer of defense. Regularly monitoring web server and application logs for unusual file inclusion attempts or unexpected PHP execution patterns is critical for early detection. Restricting file permissions and isolating the web server environment can limit the impact of a successful exploit. Organizations should also conduct security audits of their WordPress themes and plugins to identify and remediate similar vulnerabilities proactively.