CVE-2025-60047 is a vulnerability classified as Improper Control of Filename for Include/Require Statement in the PHP program axiomthemes IPharm, specifically versions up to and including 1.2.3. This vulnerability allows for PHP Remote File Inclusion (RFI), where an attacker can manipulate the filename parameter used in include or require statements to load and execute arbitrary PHP code from a remote source. The root cause is insufficient validation or sanitization of user-supplied input that controls the file path in these statements. Exploiting this vulnerability can lead to remote code execution, enabling attackers to run malicious scripts on the affected server, potentially leading to full system compromise, data theft, or further network infiltration. The vulnerability does not require prior authentication, increasing its risk profile. No CVSS score is currently assigned, and no public exploits have been reported yet. The vulnerability was reserved in late September 2025 and published in December 2025. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for proactive mitigation. The affected product, IPharm by axiomthemes, is a PHP-based application likely used in pharmaceutical or healthcare contexts, where data sensitivity is high. The vulnerability's exploitation could severely impact confidentiality, integrity, and availability of systems running this software.

For European organizations, particularly those in healthcare, pharmaceuticals, or related sectors using axiomthemes IPharm, this vulnerability poses a critical risk. Successful exploitation could allow attackers to execute arbitrary code remotely, leading to unauthorized access to sensitive patient or research data, disruption of healthcare services, and potential regulatory non-compliance under GDPR due to data breaches. The integrity of medical records and pharmaceutical data could be compromised, undermining trust and operational continuity. Additionally, attackers could use compromised systems as footholds for lateral movement within networks, escalating the impact. The absence of authentication requirements and the potential for remote exploitation increase the threat level. Given the critical nature of healthcare infrastructure in Europe, exploitation could have cascading effects on public health and safety.

Organizations should immediately audit their use of axiomthemes IPharm and identify affected versions (<=1.2.3). Until a patch is released, implement strict input validation and sanitization on all parameters controlling file includes to prevent injection of malicious paths. Disable PHP's allow_url_include directive to prevent remote file inclusion. Employ web application firewalls (WAFs) with rules targeting RFI attack patterns to detect and block exploitation attempts. Monitor logs for suspicious include/require activity or unexpected file access. Segregate and harden servers running IPharm to limit potential lateral movement. Engage with the vendor for timely patch releases and apply updates as soon as they become available. Conduct penetration testing focused on file inclusion vulnerabilities to verify mitigations. Finally, ensure backups and incident response plans are up to date to minimize impact if exploitation occurs.