CVE-2025-60064 is a vulnerability classified as Remote File Inclusion (RFI) affecting the Renewal WordPress theme developed by axiomthemes, specifically versions up to and including 1.2.2. The root cause is improper control over the filename parameter used in PHP include or require statements, which allows an attacker to manipulate the input to include arbitrary files. This can lead to the execution of malicious code on the server, enabling remote code execution (RCE). The vulnerability is particularly dangerous because it does not require authentication or user interaction, making it exploitable by any remote attacker who can send crafted requests to the vulnerable web application. Although the description mentions PHP Local File Inclusion, the nature of the flaw and the terminology 'Remote File Inclusion' indicates that external files can be included remotely, which is more severe. The vulnerability was reserved in late September 2025 and published in December 2025, but no CVSS score or patches have been released yet, and no known exploits are reported in the wild. The affected product, Renewal, is a WordPress theme, which is widely used in content management systems, increasing the attack surface. Exploitation could lead to full site compromise, data theft, defacement, or use of the server as a pivot point for further attacks.

For European organizations, the impact of CVE-2025-60064 can be severe. Many businesses and institutions in Europe rely on WordPress for their websites, and themes like Renewal are commonly used for site customization. Successful exploitation could lead to unauthorized access to sensitive data, defacement of websites, disruption of services, and potential lateral movement within the network. This can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR violations due to data breaches), and cause financial losses. Public sector entities, e-commerce platforms, and media outlets are particularly at risk due to their reliance on web presence and the sensitivity of their data. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks. Additionally, the absence of patches or mitigations at the time of disclosure means organizations must act quickly to reduce exposure.

1. Immediately update the Renewal theme to a patched version once available from axiomthemes. Monitor vendor communications for security updates. 2. Until an official patch is released, implement strict input validation and sanitization on all parameters that control file inclusion paths in the theme’s PHP code. 3. Employ Web Application Firewalls (WAFs) with rules designed to detect and block attempts to exploit file inclusion vulnerabilities, such as suspicious URL parameters containing remote file paths or traversal sequences. 4. Restrict PHP configuration settings to disable allow_url_include and allow_url_fopen directives to prevent remote file inclusion. 5. Conduct thorough code audits for any customizations or plugins that interact with the Renewal theme to ensure no additional insecure file inclusion mechanisms exist. 6. Monitor web server logs for unusual requests or errors related to file inclusion attempts. 7. Educate web administrators about the risks of RFI vulnerabilities and the importance of timely patching and secure coding practices.