CVE-2025-60054 is a vulnerability identified in the AncoraThemes OnLeash WordPress theme, specifically involving improper control of filenames used in PHP include or require statements. This vulnerability allows for Local File Inclusion (LFI), where an attacker can manipulate the filename parameter to include arbitrary files from the server's filesystem. Such a flaw arises when user input is not properly sanitized or validated before being passed to PHP's include or require functions. The affected versions include OnLeash up to and including 1.5.2. Exploiting this vulnerability can lead to disclosure of sensitive files such as configuration files, password files, or other data stored on the server. In some cases, LFI can be leveraged to execute arbitrary code, especially if combined with other vulnerabilities or if the attacker can upload malicious files. Although no known exploits are currently reported in the wild, the vulnerability is publicly disclosed and thus poses a risk. The lack of a CVSS score means severity must be assessed based on impact and exploitability factors. The vulnerability does not require authentication, making it accessible to remote attackers, and does not require user interaction. AncoraThemes OnLeash is a WordPress theme used primarily for pet-related websites, but any site using this theme and running vulnerable versions is at risk. The vulnerability was reserved in September 2025 and published in December 2025, indicating recent discovery and disclosure.

For European organizations, the impact of CVE-2025-60054 can be significant, particularly for those operating WordPress websites using the OnLeash theme. Successful exploitation could lead to unauthorized disclosure of sensitive information such as database credentials, user data, or internal configuration files, potentially violating GDPR and other data protection regulations. Additionally, attackers might leverage the vulnerability to execute arbitrary code, leading to full site compromise, defacement, or use of the site as a pivot point for further attacks within the network. This could damage organizational reputation, disrupt business operations, and result in financial losses. Small and medium enterprises, e-commerce platforms, and service providers using this theme are particularly vulnerable. The absence of known exploits currently provides a window for proactive mitigation, but the public disclosure increases the risk of future exploitation attempts. The impact is heightened in sectors with strict compliance requirements and high-value data, such as finance, healthcare, and government services within Europe.

1. Immediately monitor for updates or patches from AncoraThemes and apply them as soon as they become available. 2. Until a patch is released, implement strict input validation and sanitization on any parameters that influence file inclusion, ensuring only allowed filenames or paths are processed. 3. Employ web application firewalls (WAFs) with rules designed to detect and block attempts to exploit LFI vulnerabilities, such as suspicious URL patterns or directory traversal sequences. 4. Restrict PHP include paths using configuration directives (e.g., open_basedir) to limit accessible directories and prevent inclusion of unauthorized files. 5. Conduct thorough code reviews and security audits of the theme and any customizations to identify and remediate unsafe file inclusion practices. 6. Regularly back up website data and configurations to enable rapid recovery in case of compromise. 7. Educate site administrators about the risks and signs of exploitation attempts to improve detection and response. 8. Consider isolating WordPress instances using this theme in segmented network zones to limit lateral movement if compromised.