CVE-2025-58995 is a vulnerability classified as 'Improper Control of Filename for Include/Require Statement' in the PHP-based product Leblix by Creatives_Planet, affecting versions up to 2.4. The vulnerability allows remote attackers to perform Remote File Inclusion (RFI) attacks by manipulating the filename parameter used in PHP include or require statements. This improper validation or sanitization enables attackers to supply a remote URL or file path that the application will include and execute, leading to arbitrary code execution within the context of the web server. The vulnerability is exploitable over the network without requiring authentication, though it requires user interaction, such as clicking a crafted link or visiting a malicious page. The CVSS v3.1 score of 8.1 reflects high impact on confidentiality and integrity, with no impact on availability. The vulnerability can lead to data theft, unauthorized system control, and potential pivoting within the victim's network. Although no public exploits are known at this time, the nature of RFI vulnerabilities historically makes them attractive targets for attackers. The vulnerability affects web applications running PHP on Leblix, which is used for content management or web services, making it critical to address in environments where Leblix is deployed. The lack of available patches at publication time necessitates immediate risk mitigation through configuration and monitoring.

For European organizations, exploitation of CVE-2025-58995 could result in severe data breaches, unauthorized access to sensitive information, and potential full compromise of affected web servers. Given the high confidentiality and integrity impact, attackers could exfiltrate personal data, intellectual property, or manipulate data to disrupt business processes. The vulnerability could also serve as a foothold for further lateral movement within corporate networks, increasing the risk of ransomware or espionage attacks. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitive nature of their data and regulatory requirements under GDPR. The remote and unauthenticated nature of the exploit increases the likelihood of widespread attacks, especially if attackers develop automated exploit tools. The absence of known exploits currently provides a window for proactive defense, but the risk remains high due to the ease of exploitation and potential impact.

1. Monitor for official patches or updates from Creatives_Planet and apply them immediately upon release. 2. Until patches are available, restrict PHP include paths using open_basedir or disable remote file inclusion in php.ini (allow_url_include=Off). 3. Implement strict input validation and sanitization on all parameters that influence file inclusion to prevent injection of remote URLs or arbitrary paths. 4. Deploy Web Application Firewalls (WAFs) with rules specifically designed to detect and block RFI attack patterns targeting Leblix or PHP applications. 5. Conduct thorough code reviews and audits of custom PHP code in Leblix deployments to identify and remediate unsafe include/require usage. 6. Employ network segmentation to isolate web servers running Leblix from sensitive internal systems to limit lateral movement. 7. Monitor web server logs and network traffic for suspicious requests indicative of RFI attempts. 8. Educate users about phishing and social engineering risks since exploitation requires user interaction. 9. Consider disabling or limiting Leblix usage if not critical until a secure version is available.