
CVE-2025-60194: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Premmerce Premmerce Product Search for WooCommerce

Severity: High
Tags: Vulnerability, CVE-2025-60194
Published: Thu Nov 06 2025 (11/06/2025, 15:54:50 UTC)
Source: CVE Database V5
Vendor/Project: Premmerce
Product: Premmerce Product Search for WooCommerce

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion. This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.

AI-Powered Analysis

Last updated: 01/20/2026, 21:46:23 UTC

Technical Analysis

CVE-2025-60194 is classified as 'Improper Control of Filename for Include/Require Statement in PHP Program' (the weakness commonly labelled PHP Remote File Inclusion, RFI) and affects the Premmerce Product Search plugin for WooCommerce. The flaw exists because the plugin does not adequately validate or restrict user-supplied input that reaches a PHP include or require statement, so an attacker can influence which file the server includes and executes; the CVE description itself records the resulting outcome as PHP Local File Inclusion. All plugin versions up to and including 2.2.4 are affected. The vulnerability is reachable over the network and requires neither authentication nor user interaction. Successful exploitation lets an attacker execute PHP code on the server hosting the WooCommerce site, which can lead to full compromise of the web application, manipulation of its data, or use of the host as a pivot into the internal network. The CVSS v3.1 base score is 7.5, reflecting high impact on integrity with no impact on confidentiality or availability. No public exploits are known at this time, but file inclusion flaws in widely deployed WordPress plugins are routinely weaponised, so this one is a likely candidate for future exploitation. The CVE was reserved in late September 2025 and published in early November 2025. No patch or update was available at the time of disclosure, which increases the urgency of interim mitigation.

Potential Impact

For European organizations, especially those operating e-commerce platforms using WooCommerce with the Premmerce Product Search plugin, this vulnerability poses a significant risk. Successful exploitation can lead to arbitrary code execution, allowing attackers to manipulate product data, inject malicious content, steal sensitive customer information, or disrupt business operations. The integrity of the e-commerce platform is directly threatened, potentially damaging brand reputation and customer trust. Additionally, attackers could leverage compromised servers as footholds for further attacks within corporate networks or to launch supply chain attacks. Given the widespread use of WooCommerce in Europe and the critical role of e-commerce in the European economy, the impact could be substantial. Organizations in sectors such as retail, logistics, and financial services that rely on WooCommerce storefronts are particularly vulnerable. The lack of authentication requirements and the remote exploitability increase the likelihood of attacks, especially in countries with high WooCommerce market penetration.

Mitigation Recommendations

European organizations should immediately audit their WooCommerce installations to identify the use of the Premmerce Product Search plugin and verify the version in use. If running version 2.2.4 or earlier, they should prioritize upgrading to a patched version once available from the vendor. In the absence of an official patch, organizations should consider temporarily disabling the plugin or removing it entirely to eliminate the attack surface. Web application firewalls (WAFs) should be configured to detect and block suspicious requests attempting to exploit file inclusion vulnerabilities, such as requests containing remote URLs or unusual parameters in include/require statements. Additionally, organizations should implement strict input validation and sanitization on all user-supplied data, especially parameters that influence file inclusion. Monitoring web server logs for anomalous requests and signs of exploitation attempts is critical. Network segmentation and least privilege principles should be enforced to limit the potential damage of a compromised web server. Finally, organizations should stay informed about vendor updates and threat intelligence related to this vulnerability for timely response.
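The core of the mitigation advice above is that user input must never be turned into a file path for include or require. The following PHP is an added example written for this page, not code from the Premmerce plugin: it shows the generic vulnerable pattern behind this weakness class beside a hardened replacement that maps untrusted names onto a fixed allowlist. The request parameter name `template` and the template file names are hypothetical. Note that true remote inclusion in PHP additionally requires `allow_url_include=On` (off by default and deprecated since PHP 7.4); with it off, the same unsafe pattern still permits inclusion of arbitrary local files, which is the outcome the CVE description records.

```php
<?php
// Added example (not plugin code). Parameter name and file names are hypothetical.

// --- Vulnerable pattern: untrusted input is concatenated into the include path ---
function render_unsafe(array $request): void
{
    $template = $request['template'] ?? 'default';
    // Traversal sequences or stream wrappers in $template decide which file runs.
    // With allow_url_include=On a remote URL could be included as well.
    include __DIR__ . '/templates/' . $template . '.php';
}

// --- Hardened pattern: exact-match allowlist; input never becomes part of a path ---
const TEMPLATE_ALLOWLIST = [
    'default' => 'default.php',
    'grid'    => 'grid.php',
    'list'    => 'list.php',
];

function resolve_template(string $name): ?string
{
    // Reject anything that is not a known key. No normalisation, no concatenation
    // of attacker-controlled text, so there is nothing to traverse or wrap.
    if (!array_key_exists($name, TEMPLATE_ALLOWLIST)) {
        return null;
    }

    $base = realpath(__DIR__ . '/templates');
    $real = realpath(__DIR__ . '/templates/' . TEMPLATE_ALLOWLIST[$name]);

    // Defence in depth: confirm the resolved file really lives under the templates
    // directory, even though the allowlist already guarantees it.
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

function render_safe(array $request): void
{
    $name = (string) ($request['template'] ?? 'default');
    $path = resolve_template($name);
    if ($path === null) {
        // Fail closed and leave a log line defenders can alert on.
        http_response_code(400);
        error_log('rejected template parameter: ' . bin2hex($name));
        echo 'Unknown template';
        return;
    }
    include $path;
}
```

The allowlist, not `realpath`, is the control: the path check is only a second layer in case the map is later populated from configuration. Logging rejected values (hex-encoded so log injection is not possible) gives the web-server-log monitoring the mitigation section calls for something concrete to match on.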


Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-09-25T15:28:34.981Z
CVSS Version: null
State: PUBLISHED

Threat ID: 690cc809ca26fb4dd2f594cf

Added to database: 11/6/2025, 4:08:41 PM

Last enriched: 1/20/2026, 9:46:23 PM

Last updated: 2/7/2026, 6:18:17 PM
