
CVE-2025-60051: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in AncoraThemes Rare Radio

Severity: High
Type: Vulnerability (CVE-2025-60051)
Published: Thu Dec 18 2025 (12/18/2025, 07:22:01 UTC)
Source: CVE Database V5
Vendor/Project: AncoraThemes
Product: Rare Radio

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Rare Radio (rareradio) allows PHP Local File Inclusion. This issue affects Rare Radio: from n/a through <= 1.0.15.1.

AI-Powered Analysis

AI analysis last updated: 12/18/2025, 08:46:34 UTC

Technical Analysis

CVE-2025-60051 is a vulnerability classified as improper control of filename for include/require statements in PHP within the AncoraThemes Rare Radio WordPress theme, versions up to 1.0.15.1. This vulnerability enables Remote File Inclusion (RFI), where an attacker can manipulate the input parameter that controls which file is included or required by the PHP application. By exploiting this flaw, an attacker can cause the application to include malicious remote files, leading to arbitrary code execution on the server. The vulnerability stems from insufficient validation or sanitization of user-supplied input used in PHP include or require functions, which are critical for dynamic content loading. Although the CVE entry does not provide a CVSS score and no public exploits are known, the nature of RFI vulnerabilities typically allows attackers to execute arbitrary PHP code remotely, potentially gaining full control over the affected web server. This can result in data theft, website defacement, malware deployment, or pivoting to internal networks. The affected product, Rare Radio, is a WordPress theme developed by AncoraThemes, commonly used for radio station websites or audio streaming portals. Since WordPress is widely adopted across Europe, especially in small to medium enterprises and media organizations, this vulnerability could have broad impact. The lack of available patches or official fixes at the time of publication increases the urgency for manual mitigations or temporary workarounds. Detection of exploitation attempts can be challenging without proper logging and monitoring of file inclusion parameters. This vulnerability highlights the importance of secure coding practices in theme development, particularly input validation and the avoidance of dynamic file inclusion based on user input.

Potential Impact

The impact of CVE-2025-60051 on European organizations can be severe, especially for those relying on the Rare Radio theme for their WordPress sites. Successful exploitation can lead to remote code execution, allowing attackers to fully compromise the web server hosting the site. This can result in unauthorized data access, defacement, injection of malicious content, or use of the compromised server as a launchpad for further attacks within the organization's network. Media companies, broadcasters, and small businesses using this theme may face service disruption, reputational damage, and regulatory consequences under GDPR if personal data is exposed. The vulnerability could also be leveraged to distribute malware or ransomware, amplifying the operational and financial impact. Given the widespread use of WordPress in Europe and the popularity of AncoraThemes products, the attack surface is significant. Organizations with limited cybersecurity resources or outdated WordPress environments are particularly vulnerable. The absence of known exploits currently provides a window for proactive mitigation, but the risk of future exploitation remains high. Overall, the threat undermines confidentiality, integrity, and availability of affected systems, posing a critical risk to European digital infrastructure relying on this theme.

Mitigation Recommendations

To mitigate CVE-2025-60051, organizations should immediately verify if their WordPress installations use the AncoraThemes Rare Radio theme version 1.0.15.1 or earlier. If so, they should seek official patches or updates from AncoraThemes as soon as they become available. In the absence of a patch, manual mitigation involves reviewing and modifying the theme's PHP code to ensure that any filename parameters used in include or require statements are strictly validated against a whitelist of allowed files or sanitized to prevent directory traversal and remote URLs. Disabling allow_url_include in the PHP configuration can reduce the risk of remote file inclusion. Web application firewalls (WAFs) should be configured to detect and block suspicious requests attempting to manipulate file inclusion parameters. Additionally, organizations should implement strict input validation, employ least privilege principles for web server file permissions, and monitor logs for unusual file inclusion attempts or unexpected PHP errors. Regular backups and incident response plans should be updated to prepare for potential exploitation. Finally, educating site administrators about the risks of using outdated themes and plugins is essential to prevent similar vulnerabilities.
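The allowlist pattern the mitigation paragraph describes, shown beside the unsafe pattern it replaces, as an added example that is not code from the Rare Radio theme or from AncoraThemes. The request parameter name (view), the view names and the views directory are assumptions made for the illustration; the rejection branch also logs the bad value so the attempts can be monitored.

```php
<?php
// Added example, not the theme's code. Parameter name "view", the view
// names and VIEW_DIR are constructed for illustration.

// Unsafe: the request decides which file is included. With allow_url_include
// enabled a URL can be supplied; with it disabled, a local path still can.
function load_view_unsafe(string $requested): void
{
    include $requested . '.php';
}

// Safe: map a short key to a known file and refuse everything else. The
// include path is assembled from constants the request never touches.
const VIEW_DIR = __DIR__ . '/views';
const VIEW_MAP = [
    'player'   => 'player.php',
    'schedule' => 'schedule.php',
    'about'    => 'about.php',
];

// Returns the absolute path of an allowlisted view, or null if rejected.
function resolve_view(string $requested): ?string
{
    if (!array_key_exists($requested, VIEW_MAP)) {
        return null; // not in the allowlist
    }
    $base = realpath(VIEW_DIR);
    $path = realpath(VIEW_DIR . '/' . VIEW_MAP[$requested]);
    // Defence in depth: even a mapped entry must resolve inside VIEW_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function load_view_safe(string $requested): void
{
    $path = resolve_view($requested);
    if ($path === null) {
        // Log the rejected value so inclusion attempts show up in monitoring.
        error_log('Rejected view parameter: ' . $requested);
        http_response_code(404);
        echo 'Unknown view';
        return;
    }
    include $path;
}

// Flag a risky PHP setting at startup; allow_url_include is a system-level
// ini directive and cannot be changed from application code.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    error_log('Warning: allow_url_include is enabled in php.ini');
}

load_view_safe((string)($_GET['view'] ?? 'player'));
```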


Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-09-25T15:19:32.566Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6943b0494eb3efac366ffa84

Added to database: 12/18/2025, 7:42:01 AM

Last enriched: 12/18/2025, 8:46:34 AM

Last updated: 12/19/2025, 11:28:35 AM

