CVE-2025-60194 is a Remote File Inclusion (RFI) vulnerability found in the Premmerce Product Search plugin for WooCommerce, specifically affecting versions up to and including 2.2.4. The vulnerability arises from improper validation and control of filenames used in PHP include or require statements. This flaw allows an attacker to supply a crafted filename parameter that causes the application to include and execute remote malicious PHP code. Since the vulnerability is exploitable over the network without authentication or user interaction, it poses a significant risk. Successful exploitation leads to arbitrary code execution within the context of the web server, compromising the integrity of the affected system. The CVSS v3.1 score of 7.5 reflects a high severity, with network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to integrity (no direct confidentiality or availability impact). The vulnerability was reserved in late September 2025 and published in early November 2025, with no known exploits in the wild at the time of reporting. The plugin is widely used in WooCommerce environments, which are popular e-commerce platforms, making this vulnerability a critical concern for online retailers using this software. Lack of available patches at the time of reporting increases urgency for mitigation.

For European organizations, especially e-commerce businesses using WooCommerce with the Premmerce Product Search plugin, this vulnerability presents a serious threat. Exploitation can lead to full compromise of web servers, allowing attackers to execute arbitrary code, deface websites, steal sensitive customer data, or deploy further malware such as ransomware. The integrity of the affected systems is directly impacted, potentially undermining customer trust and causing financial losses. Given the widespread use of WooCommerce in Europe, particularly in countries with strong e-commerce sectors like Germany, the UK, France, and the Netherlands, the risk is substantial. Additionally, compromised servers could be leveraged as a foothold for lateral movement within corporate networks or as part of broader cyber campaigns targeting European businesses. The lack of authentication and user interaction requirements makes the attack easier to execute remotely, increasing the likelihood of exploitation if unpatched.

Organizations should immediately verify if they are running Premmerce Product Search for WooCommerce versions up to 2.2.4 and plan to upgrade to a patched version once available. Until a patch is released, implement strict input validation and sanitization on any parameters that influence file inclusion paths. Employ web application firewalls (WAFs) to detect and block suspicious requests attempting remote file inclusion. Restrict outbound HTTP/HTTPS connections from web servers to prevent fetching remote malicious files. Conduct regular security audits and monitor logs for unusual activity related to file inclusion attempts. Isolate the web server environment using containerization or sandboxing to limit the impact of potential compromise. Additionally, ensure that PHP configurations disable allow_url_include and limit include paths to trusted directories. Educate development teams about secure coding practices to prevent similar vulnerabilities in the future.