CVE-2025-60044 is a vulnerability classified as improper control of filename for include/require statements in the PHP-based AncoraThemes Fribbo product, affecting versions up to and including 1.1.0. This vulnerability allows an attacker to perform remote file inclusion (RFI), a critical security flaw where external files can be included and executed by the PHP interpreter. The root cause is insufficient validation or sanitization of user-supplied input that determines the file path in include or require statements. Exploiting this vulnerability enables attackers to execute arbitrary PHP code remotely, potentially leading to full system compromise, data theft, defacement, or pivoting within the network. No CVSS score has been assigned yet, and no public exploits are known at this time. However, the vulnerability is publicly disclosed and should be treated as critical due to the nature of RFI vulnerabilities. The affected product, Fribbo by AncoraThemes, is a PHP-based web application or theme, commonly used in content management systems or websites. The lack of patches or updates currently available increases the urgency for organizations to implement mitigations. The vulnerability does not require authentication or user interaction, increasing its risk profile. Attackers can exploit this remotely, making it a significant threat to exposed web servers running vulnerable versions.

For European organizations, this vulnerability poses a high risk to web-facing applications using AncoraThemes Fribbo. Successful exploitation can lead to remote code execution, allowing attackers to take control of web servers, access sensitive data, deploy malware, or disrupt services. This can result in data breaches, reputational damage, regulatory fines under GDPR, and operational downtime. Organizations with public-facing websites or intranet portals running Fribbo are particularly vulnerable. The impact extends beyond confidentiality to integrity and availability, as attackers can modify or delete data and cause denial of service. Given the lack of authentication requirements, attackers can exploit this vulnerability without credentials, increasing the attack surface. The absence of known exploits in the wild suggests a window for proactive defense, but also means attackers may develop exploits soon. European entities in sectors such as government, finance, healthcare, and e-commerce, which rely heavily on web applications, are at heightened risk. The potential for lateral movement within networks after initial compromise further amplifies the threat.

Immediate mitigation steps include auditing all instances of AncoraThemes Fribbo to identify affected versions and isolate vulnerable systems from public access where possible. Since no official patches are currently available, organizations should implement strict input validation and sanitization on all parameters used in include or require statements to prevent arbitrary file paths. Employing web application firewalls (WAFs) with rules to detect and block remote file inclusion attempts can provide a protective layer. Disable allow_url_include and allow_url_fopen directives in PHP configurations to reduce the risk of remote file inclusion. Conduct thorough code reviews to identify and refactor unsafe file inclusion logic. Monitor web server logs and network traffic for unusual requests indicative of exploitation attempts. Plan for rapid deployment of official patches once released by AncoraThemes. Additionally, implement network segmentation to limit the impact of a potential compromise and maintain regular backups to enable recovery from destructive attacks.