CVE-2025-60047 is a Remote File Inclusion (RFI) vulnerability found in the PHP-based axiomthemes IPharm product, affecting all versions up to and including 1.2.3. The vulnerability arises from improper control over the filename parameter used in PHP include or require statements, allowing an attacker to manipulate the input to include remote or local files. This can lead to arbitrary code execution on the server, as the attacker can inject malicious PHP code via a crafted URL or request parameter. The vulnerability does not require authentication (PR:N) but does require some user interaction (UI:R), such as clicking a malicious link. The CVSS 3.1 score of 8.1 reflects high impact on confidentiality and integrity, with no impact on availability. The scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component. Although no public exploits are known yet, the nature of RFI vulnerabilities makes them attractive targets for attackers aiming to compromise web servers, steal sensitive data, or pivot within networks. The affected product, IPharm, is used in healthcare-related web applications, increasing the risk due to the sensitivity of the data involved. The vulnerability was reserved in September 2025 and published in December 2025, with no patches currently linked, indicating a potential window of exposure.

For European organizations, especially those in healthcare and pharmaceutical sectors using the IPharm product, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized disclosure of sensitive patient data, alteration of critical application logic, and potential breach of regulatory compliance such as GDPR. The ability to execute arbitrary code remotely without authentication could allow attackers to establish persistent access, move laterally within networks, or disrupt services indirectly. Given the critical nature of healthcare data and the increasing targeting of healthcare infrastructure by cybercriminals and nation-state actors, the impact extends beyond individual organizations to national healthcare systems. Additionally, compromised systems could be used as launchpads for further attacks against European supply chains or critical infrastructure. The lack of available patches increases the urgency for immediate mitigation to prevent exploitation.

1. Immediately audit all instances of IPharm and identify affected versions (<=1.2.3). 2. If patches become available from axiomthemes, apply them promptly. 3. In the absence of patches, implement strict input validation and sanitization on all parameters that influence file inclusion, ensuring only allowed filenames or paths are accepted. 4. Configure PHP settings to disable remote file inclusion (e.g., setting 'allow_url_include' to 'Off' and 'allow_url_fopen' to 'Off'). 5. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious requests attempting to exploit file inclusion. 6. Restrict filesystem permissions to limit the web server's ability to read or execute files outside designated directories. 7. Monitor logs for unusual access patterns or errors related to file inclusion attempts. 8. Educate developers and administrators about secure coding practices to prevent similar vulnerabilities. 9. Consider network segmentation to isolate vulnerable systems until fully remediated.