CVE-2025-58995 is a vulnerability classified as improper control of filename for include/require statements in the PHP-based Creatives_Planet Leblix product, versions up to 2.4. This vulnerability enables Remote File Inclusion (RFI), where an attacker can manipulate input parameters that control PHP include or require statements to load and execute remote malicious PHP code. The vulnerability arises because the application fails to properly validate or sanitize the filename input before including it, allowing arbitrary external URLs to be specified. Exploiting this vulnerability can lead to full compromise of the affected web server, including unauthorized access to sensitive data (confidentiality impact) and modification or injection of malicious code (integrity impact). The CVSS v3.1 score of 8.1 reflects a high severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R), and impacting confidentiality and integrity at a high level (C:H/I:H) without affecting availability (A:N). Although no public exploits have been reported yet, the vulnerability is critical due to its ease of exploitation and potential damage. The vulnerability was reserved in early September 2025 and published in November 2025, indicating recent discovery. The lack of available patches at the time of reporting increases the urgency for mitigation. This vulnerability is particularly relevant for organizations running web applications or CMS platforms built on Leblix, especially those exposed to the internet. Attackers could leverage phishing or social engineering to induce user interaction necessary for exploitation. The vulnerability's presence in PHP applications is concerning given PHP's widespread use in Europe for web development.

For European organizations, this vulnerability poses a significant risk to web-facing applications built on or incorporating the Leblix PHP platform. Successful exploitation can lead to unauthorized remote code execution, resulting in data breaches, defacement, or pivoting within internal networks. Confidentiality is severely impacted as attackers can access sensitive customer or business data. Integrity is compromised through code injection or modification, potentially enabling persistent backdoors or malware deployment. Although availability is not directly affected, secondary impacts such as service disruption from cleanup or further attacks are possible. Organizations in sectors with strict data protection regulations like GDPR face legal and reputational consequences if exploited. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing the attack surface. European companies with public-facing web services, especially those in finance, healthcare, and government, are at heightened risk due to the sensitivity of their data and attractiveness to threat actors. The lack of known exploits currently provides a window for proactive defense, but the high CVSS score indicates that once exploits appear, rapid compromise is likely.

1. Immediate monitoring for updates or patches from Creatives_Planet and prioritize their deployment once available. 2. Implement strict input validation and sanitization on all parameters controlling include/require statements to disallow remote URLs or unexpected input. 3. Configure PHP settings to disable allow_url_include and allow_url_fopen directives to prevent remote file inclusion at the interpreter level. 4. Employ Web Application Firewalls (WAFs) with rules to detect and block suspicious include parameter manipulations or remote URL requests. 5. Conduct code audits of all PHP include/require usage to ensure no dynamic inclusion of untrusted input. 6. Educate users and administrators about phishing risks since user interaction is required for exploitation. 7. Restrict outbound network access from web servers to prevent fetching remote malicious files. 8. Use application-layer logging and monitoring to detect anomalous include requests or errors. 9. Consider isolating or sandboxing affected applications to limit impact if exploited. 10. Prepare incident response plans specific to web application compromise scenarios involving RFI.