CVE-2025-58967 is a vulnerability classified as PHP Remote File Inclusion (RFI) found in the ThemeMove Businext WordPress theme, affecting versions prior to 2.4.4. The root cause is improper control over the filename parameter used in PHP include or require statements, which allows an attacker to specify a remote file URL that the application will include and execute. This type of vulnerability enables remote code execution by injecting malicious PHP code hosted on an attacker-controlled server. The vulnerability does not require any authentication or user interaction, making it highly exploitable over the network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction needed, with high confidentiality impact and limited integrity impact, and no availability impact. Although no known exploits are reported in the wild yet, the nature of RFI vulnerabilities makes them attractive targets for attackers aiming to compromise web servers, steal sensitive data, or pivot within networks. The vulnerability affects the Businext theme, which is used to build business and corporate websites on WordPress, a widely deployed CMS platform. The improper input validation or sanitization of the filename parameter in the theme's PHP code is the technical root cause, allowing external URLs to be included and executed. This can lead to unauthorized disclosure of sensitive information and partial modification of data or application behavior.

For European organizations, the impact of CVE-2025-58967 can be significant, especially for those relying on WordPress websites using the Businext theme for business operations, marketing, or e-commerce. Successful exploitation can lead to unauthorized disclosure of sensitive customer or corporate data, undermining confidentiality. Attackers may also execute arbitrary PHP code, potentially modifying website content or injecting malicious payloads that could harm the organization's reputation or lead to further compromise. Although availability is not directly impacted, the breach of confidentiality and partial integrity loss can result in regulatory non-compliance, especially under GDPR, leading to legal and financial penalties. The ease of exploitation without authentication increases the risk of widespread attacks. Organizations with public-facing websites are particularly vulnerable, as attackers can scan for vulnerable Businext installations and attempt remote file inclusion attacks. The threat also extends to third-party service providers or partners using the theme, potentially creating supply chain risks.

To mitigate CVE-2025-58967, European organizations should immediately update the Businext theme to version 2.4.4 or later, where the vulnerability is patched. If immediate patching is not feasible, organizations should implement web application firewall (WAF) rules to block suspicious requests containing remote file inclusion patterns or unexpected URL parameters in include/require statements. Disabling allow_url_include and allow_url_fopen directives in PHP configurations can prevent remote file inclusion attacks at the server level. Conduct thorough code reviews and input validation audits on custom themes or plugins to ensure no unsafe dynamic includes exist. Monitor web server logs for unusual access patterns or attempts to include remote files. Employ network segmentation and least privilege principles to limit the impact of potential compromises. Additionally, organizations should maintain regular backups and incident response plans tailored to web application compromises. Educating web administrators about this vulnerability and ensuring timely updates of all WordPress components is critical.