
CVE-2025-60198: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme

Severity: High
Published: Thu Nov 06 2025 (11/06/2025, 15:54:55 UTC)
Source: CVE Database V5
Vendor/Project: dedalx
Product: Saxon - Viral Content Blog & Magazine Marketing WordPress Theme

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme (saxon) allows PHP Local File Inclusion. This issue affects Saxon - Viral Content Blog & Magazine Marketing WordPress Theme: from n/a through <= 1.9.3.

AI-Powered Analysis

Last updated: 01/20/2026, 21:47:45 UTC

Technical Analysis

CVE-2025-60198 is a vulnerability classified as PHP Remote File Inclusion (RFI) in the dedalx Saxon WordPress theme, versions up to and including 1.9.3. The root cause is improper control over the filename parameter passed to a PHP include or require statement, which lets an attacker choose the file that the PHP interpreter loads and executes. This can lead to remote code execution (RCE) on the affected server. The vulnerability requires no authentication or user interaction, but the attack complexity is rated high, meaning some conditions or knowledge are needed to exploit it. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality, integrity, and availability. The vulnerability affects websites running the Saxon theme, which is commonly deployed for viral content blogs and marketing magazines on WordPress. No patches or fixes are currently linked, and no exploitation in the wild has been reported. The vulnerability was reserved in late September 2025 and published in early November 2025. The technical cause is the theme's missing validation or sanitization of the include/require filename parameter, which allows remote URLs or local files to be included, leading to code execution or information disclosure. This class of vulnerability is critical because it can lead to full site compromise, data theft, defacement, or use of the server as a pivot point for further attacks.

Potential Impact

For European organizations, the impact of CVE-2025-60198 can be severe, especially for those relying on WordPress sites using the Saxon theme for marketing or content distribution. Successful exploitation can lead to full remote code execution, allowing attackers to steal sensitive data, modify website content, deploy malware, or disrupt services. This can damage brand reputation, lead to regulatory non-compliance (e.g., GDPR violations due to data breaches), and cause financial losses. The high severity and no requirement for authentication make it a significant threat to public-facing websites. Organizations in sectors such as media, marketing, e-commerce, and public services that use WordPress extensively are particularly vulnerable. Additionally, compromised websites can be used as platforms for phishing, malware distribution, or launching attacks against other targets, amplifying the threat landscape in Europe.

Mitigation Recommendations

1. Immediately update the Saxon WordPress theme to a patched version once available from the vendor, or consider switching to a different, actively maintained theme.
2. If no patch is available, apply manual code review and harden the include/require statements by enforcing strict input validation and sanitization to prevent remote file inclusion.
3. Disable the allow_url_include and allow_url_fopen directives in the PHP configuration to prevent remote file inclusion.
4. Employ a Web Application Firewall (WAF) with rules to detect and block suspicious requests attempting to exploit file inclusion vulnerabilities.
5. Restrict file system permissions to limit the web server's ability to read or execute unauthorized files.
6. Monitor web server logs for unusual requests targeting include parameters or suspicious URL patterns.
7. Conduct regular security audits and vulnerability scans focusing on WordPress themes and plugins.
8. Educate development and IT teams about secure coding practices related to file inclusion and input validation.
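The following is an added example of the hardening described in step 2, not code from the Saxon theme; the `template` request parameter, the `templates/` directory and the template names are hypothetical. It shows the CWE-98 pattern the advisory describes (a request value flowing straight into `include`) beside an allow-list form in which no user-supplied string ever reaches `include`.

```php
<?php
// Added example, not the theme's code. The parameter name 'template' and the
// templates/ directory are hypothetical.

// Pattern the advisory describes: a request parameter is used directly as the
// include path, so the request controls which local or remote file PHP runs.
function render_unsafe(string $template): void {
    include $template; // CWE-98: attacker-controlled include path
}

// Hardened form: map the request value onto a fixed allow-list and build the
// path from a constant directory. Unknown keys are refused rather than guessed.
const TEMPLATE_DIR = __DIR__ . '/templates';
const TEMPLATES = [
    'grid'  => 'grid.php',
    'list'  => 'list.php',
    'cards' => 'cards.php',
];

function resolve_template(string $name): ?string {
    if (!array_key_exists($name, TEMPLATES)) {
        return null;
    }
    $path = TEMPLATE_DIR . '/' . TEMPLATES[$name];
    // Defence in depth: realpath() resolves symlinks and '..' and returns false
    // for a missing file; the result must still sit inside TEMPLATE_DIR.
    $real = realpath($path);
    $base = realpath(TEMPLATE_DIR);
    if ($real === false || $base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

function render_safe(string $requested): void {
    $path = resolve_template($requested);
    if ($path === null) {
        http_response_code(400); // reject instead of falling back to raw input
        return;
    }
    include $path; // only an allow-listed, directory-bound path reaches include
}

render_safe((string)($_GET['template'] ?? 'grid'));
```

Pair this with `allow_url_include=Off` and `allow_url_fopen=Off` in php.ini (step 3) so that even an unpatched include cannot fetch a remote URL.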


Technical Details

Data Version
5.2
Assigner Short Name
Patchstack
Date Reserved
2025-09-25T15:28:34.982Z
Cvss Version
null
State
PUBLISHED

Threat ID: 690cc809ca26fb4dd2f594db

Added to database: 11/6/2025, 4:08:41 PM

Last enriched: 1/20/2026, 9:47:45 PM

Last updated: 2/7/2026, 10:22:23 PM

Views: 25
