CVE-2025-60044 is a vulnerability classified as improper control of filename for include/require statements in the PHP-based AncoraThemes Fribbo theme, versions up to and including 1.1.0. This flaw allows an attacker to manipulate the filename parameter used in PHP's include or require functions, enabling Remote File Inclusion (RFI) or Local File Inclusion (LFI). The vulnerability arises because the application fails to properly sanitize or validate user-supplied input that determines which files are included during runtime. An attacker can exploit this by crafting a URL or request that causes the server to include malicious remote files or local files containing sensitive information or malicious code. The CVSS v3.1 score of 8.1 reflects a high severity, with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality and integrity is high, as attackers can execute arbitrary PHP code or disclose sensitive files, but availability is not affected. No patches or exploits are currently publicly known, but the vulnerability is published and should be treated as critical for affected installations. The AncoraThemes Fribbo product is a WordPress theme, commonly used in CMS environments, which increases the attack surface due to widespread PHP hosting and web exposure.

For European organizations, this vulnerability poses a significant risk to web applications using the AncoraThemes Fribbo theme, particularly those running on PHP-based CMS platforms like WordPress. Successful exploitation can lead to unauthorized code execution, data leakage, and potential full compromise of affected web servers. This can result in theft of sensitive customer or business data, defacement, or use of compromised servers as pivot points for further attacks within corporate networks. Given the high adoption of PHP and WordPress in Europe, especially in small and medium enterprises, the attack surface is considerable. The requirement for user interaction (e.g., clicking a crafted link) means phishing or social engineering could facilitate exploitation. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate it, as attackers may develop exploits rapidly after disclosure. Organizations in sectors with high-value data or regulatory requirements (e.g., finance, healthcare, government) face increased reputational and compliance risks if compromised.

Immediate mitigation involves monitoring for updates from AncoraThemes and applying official patches as soon as they are released. Until patches are available, organizations should implement strict input validation and sanitization on any parameters that influence file inclusion, ensuring only trusted and expected filenames are accepted. Disabling allow_url_include and allow_url_fopen directives in PHP configurations can prevent remote file inclusion attacks. Web Application Firewalls (WAFs) should be configured to detect and block suspicious requests attempting to exploit file inclusion vulnerabilities. Additionally, restricting file permissions on the server to limit access to sensitive files and isolating web server processes can reduce impact. Regular security audits and code reviews of custom themes or plugins can help identify similar vulnerabilities. User awareness training to recognize phishing attempts can mitigate the user interaction requirement for exploitation.