CVE-2025-60053: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in AncoraThemes MaxCube
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion. This issue affects MaxCube: from n/a through <= 1.3.1.
AI Analysis
Technical Summary
CVE-2025-60053 is a PHP Local File Inclusion (LFI) vulnerability found in AncoraThemes MaxCube versions up to 1.3.1. The root cause is improper control over the filename used in PHP include or require statements, which allows an attacker to manipulate the input parameter that determines which file is included. This can lead to the inclusion of unintended local files on the server. LFI vulnerabilities can be leveraged to disclose sensitive files such as configuration files, password files, or application source code, potentially leading to further attacks like remote code execution if combined with other vulnerabilities or misconfigurations. The vulnerability does not require authentication or user interaction, making it easier for remote attackers to exploit. Although no public exploits are currently known, the vulnerability is publicly disclosed and thus could be targeted by attackers. MaxCube is a product by AncoraThemes, likely used as a WordPress theme or plugin, which is common in many European organizations’ web environments. The lack of a patch link indicates that a fix may not yet be available, increasing the urgency for mitigation. The vulnerability was reserved in late September 2025 and published in December 2025. The absence of a CVSS score requires an independent severity assessment based on the impact and exploitability factors.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information such as database credentials, internal configuration files, or user data stored on the web server. This can compromise confidentiality and potentially integrity if attackers use the information to escalate privileges or conduct further attacks. Availability impact is generally low for LFI alone but could increase if attackers leverage the vulnerability to execute arbitrary code or disrupt services. Organizations relying on AncoraThemes MaxCube for their websites or web applications may face reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. The ease of exploitation without authentication increases the risk profile, especially for public-facing web servers. Attackers could also use the vulnerability as a foothold for lateral movement within corporate networks. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, as attackers often develop exploits after public disclosure.
Mitigation Recommendations
1. Monitor AncoraThemes and MaxCube vendor channels for official patches and apply them immediately once available.
2. In the interim, restrict file inclusion paths by configuring PHP settings such as open_basedir to limit accessible directories.
3. Implement input validation and sanitization on all parameters controlling file inclusion to ensure only intended files can be included.
4. Deploy Web Application Firewalls (WAFs) with rules to detect and block suspicious file inclusion patterns and attempts to access sensitive files.
5. Conduct code reviews and penetration testing focused on file inclusion vulnerabilities in all web applications using MaxCube.
6. Limit web server permissions to prevent unauthorized file access and execution.
7. Maintain regular backups and incident response plans to quickly recover from potential exploitation.
8. Educate developers and administrators about secure coding practices related to file inclusion and PHP security.
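Recommendations 2 and 3 above describe the control that closes this class of bug: never let a request parameter select the included file directly. The following PHP snippet is an added illustration and is not code from MaxCube or AncoraThemes; the page does not show the affected parameter, so the template loader, the function names (load_template_unsafe, load_template_safe), the TEMPLATE_DIR constant and the template names are all hypothetical. It places the CWE-98 pattern beside a hardened loader that combines an allowlist with a realpath containment check.

```php
<?php
// Added example, not MaxCube's code. All names below are hypothetical.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates';

// Weak pattern (CWE-98): the request decides which file is included, so any
// file PHP can open under the given name becomes a candidate for include.
function load_template_unsafe(string $template): void
{
    include TEMPLATE_DIR . '/' . $template . '.php';
}

// Hardened loader: accept only a fixed set of template names, then confirm
// that the resolved path still lies inside TEMPLATE_DIR before including it.
function load_template_safe(string $template): void
{
    static $allowed = ['header', 'footer', 'sidebar']; // hypothetical allowlist

    if (!in_array($template, $allowed, true)) {
        throw new InvalidArgumentException('unknown template');
    }

    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $template . '.php');

    // realpath() returns false for missing files; the prefix check rejects a
    // path that left the base directory (for example through a symlink).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template outside base directory');
    }

    include $path;
}

// Caller: the request value is validated before it touches the filesystem,
// and a rejected value produces a plain 400 rather than an include error.
$requested = $_GET['template'] ?? 'header';
try {
    load_template_safe($requested);
} catch (Throwable $e) {
    http_response_code(400);
    exit;
}
```

The allowlist is the real control; the realpath check is defence in depth for the case where a later change lets a non-literal value reach the include. Recommendation 2 complements both at the interpreter level: setting open_basedir in php.ini or the vhost configuration (for example `open_basedir = /var/www/site:/tmp`) makes PHP refuse to open files outside the listed directories even if application-level validation is bypassed, and the resulting warnings in the PHP error log are a useful detection signal for attempted inclusion of files outside the web root.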
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-25T15:19:32.566Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6943b0494eb3efac366ffa8d
Added to database: 12/18/2025, 7:42:01 AM
Last enriched: 12/18/2025, 8:46:03 AM
Last updated: 12/19/2025, 7:44:17 AM