CVE-2025-60055 is a Local File Inclusion (LFI) vulnerability found in AncoraThemes Fabrica, a WordPress theme product, affecting versions up to and including 1.8.1. The vulnerability arises from improper validation and control of filenames used in PHP include or require statements. This flaw allows an attacker to manipulate the input parameter that determines which file is included, enabling them to include arbitrary files from the server's filesystem. Such an attack can lead to disclosure of sensitive information (e.g., configuration files, credentials), or in some cases, code execution if the attacker can upload malicious files or leverage other vulnerabilities. The vulnerability does not require authentication or user interaction, increasing its risk profile. No CVSS score has been assigned yet, and no public exploits have been reported. The vulnerability was reserved in late September 2025 and published in December 2025. The absence of patches at the time of reporting means organizations must rely on temporary mitigations such as disabling vulnerable features or restricting file access through server configurations. AncoraThemes Fabrica is used primarily in WordPress environments, which are widely deployed globally, including Europe.

For European organizations, this vulnerability poses a significant risk to websites using the AncoraThemes Fabrica theme. Exploitation could lead to unauthorized disclosure of sensitive internal files, including configuration files containing database credentials or API keys, which could facilitate further attacks. In worst-case scenarios, attackers might achieve remote code execution by chaining this vulnerability with other weaknesses, leading to full site compromise, defacement, or use of the server as a pivot point for lateral movement. This could impact confidentiality, integrity, and availability of web services. Given the widespread use of WordPress in Europe, especially among SMEs and public sector entities, the threat surface is considerable. Additionally, compromised websites could be used to distribute malware or conduct phishing campaigns, affecting broader user bases. The lack of known exploits currently provides a window for proactive defense, but the ease of exploitation without authentication increases urgency.

Organizations should immediately inventory their WordPress installations to identify use of the AncoraThemes Fabrica theme, particularly versions up to 1.8.1. Until an official patch is released, apply the following mitigations: (1) Disable or restrict PHP functions that allow file inclusion, such as 'allow_url_include' set to 'Off' in php.ini; (2) Implement strict input validation and sanitization on parameters controlling file inclusion, ensuring only expected filenames or whitelisted files can be included; (3) Use web application firewalls (WAFs) to detect and block suspicious requests attempting file inclusion; (4) Restrict file system permissions to limit the PHP process's access to sensitive files; (5) Monitor web server logs for anomalous requests targeting include parameters; (6) Plan and prioritize patching as soon as an official update is available from AncoraThemes. Additionally, consider isolating vulnerable web servers within segmented network zones to limit lateral movement if compromised.