CVE-2025-60198: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion. This issue affects Saxon - Viral Content Blog & Magazine Marketing WordPress Theme: from n/a through <= 1.9.3.
AI Analysis
Technical Summary
CVE-2025-60198 is a vulnerability classified as 'Improper Control of Filename for Include/Require Statement in PHP Program,' commonly known as a Remote File Inclusion (RFI) vulnerability, found in the dedalx Saxon WordPress theme (versions up to 1.9.3). The advisory description itself states that the issue allows PHP Local File Inclusion. The vulnerability arises because the theme does not properly validate or sanitize user-supplied input used in PHP include or require statements. As a result, an attacker can manipulate the filename parameter to include remote malicious PHP files hosted on attacker-controlled servers; remote inclusion of this kind requires PHP's allow_url_include directive to be enabled. When the vulnerable PHP script executes the include or require statement, it fetches and runs the attacker's code, leading to remote code execution on the web server. The CVSS v3.1 score of 8.1 reflects a high severity, with the attack vector being network-based (AV:N), requiring high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). The impact is rated high across confidentiality, integrity, and availability (C:H/I:H/A:H), meaning an attacker can fully compromise the system. Although no known exploits are currently reported in the wild, the vulnerability is publicly disclosed and can be weaponized by attackers. The affected product is a WordPress theme used for viral content blogs and magazine marketing, which are common in digital marketing environments. The lack of available patches or updates at the time of disclosure increases the urgency for mitigation. Exploitation can lead to unauthorized access, data theft, defacement, or use of the compromised server as a pivot point for further attacks.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially those relying on the dedalx Saxon theme for their WordPress sites. Successful exploitation can lead to complete system compromise, including theft of sensitive customer data, defacement of websites, disruption of services, and potential use of compromised servers to launch further attacks within the network or against third parties. Given the theme's focus on viral content and marketing, organizations in the digital marketing, media, and publishing sectors are particularly vulnerable. The impact extends beyond the affected website to the organization's reputation and regulatory compliance, especially under GDPR, where data breaches can result in heavy fines. Additionally, compromised servers can be enlisted in botnets or used to distribute malware, amplifying the threat landscape. The high attack complexity somewhat limits exploitation to skilled attackers, but the lack of required privileges or user interaction lowers the barrier significantly. The network attack vector means attackers can attempt exploitation remotely without prior access, increasing exposure. Overall, the threat can disrupt business operations and cause financial and reputational damage.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the use of the dedalx Saxon theme, particularly versions up to 1.9.3. If found, they should seek updates or patches from the vendor; if none are available, consider replacing the theme with a secure alternative. As a critical mitigation, disable PHP's allow_url_include directive to prevent remote file inclusion via URL. Implement strict input validation and sanitization on any user-supplied data used in include or require statements, employing whitelisting of allowed files or paths. Employ Web Application Firewalls (WAFs) with rules to detect and block suspicious requests attempting file inclusion attacks. Monitor web server logs for unusual patterns, such as requests containing suspicious parameters or remote URLs. Restrict file permissions on the server to limit the impact of any successful code execution. Conduct regular security scans and penetration tests focusing on file inclusion vulnerabilities. Finally, educate web developers and administrators about secure coding practices to prevent similar vulnerabilities in custom themes or plugins.
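The audit step above, as an added example (not code from the advisory or the vendor): it walks a hosting root, finds each copy of the theme and compares the `Version:` header in its `style.css` against the last affected release, 1.9.3. It assumes the theme is installed in a directory named `saxon`; the site names and version numbers in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

THEME_SLUG = "saxon"       # assumption: directory name equals the slug in the advisory
LAST_AFFECTED = (1, 9, 3)  # from the advisory: affected through <= 1.9.3
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def parse_version(css_text):
    """Return the style.css 'Version:' header as an int tuple, or None if absent."""
    m = VERSION_RE.search(css_text[:8192])  # theme headers sit at the top of the file
    if not m:
        return None
    nums = [int(n) for n in re.findall(r"\d+", m.group(1))]
    while nums and nums[-1] == 0:           # 1.9.3.0 compares equal to 1.9.3
        nums.pop()
    return tuple(nums) or None

def audit(root):
    """Return [(theme_dir, version, status)] for each Saxon copy found under root."""
    findings = []
    pattern = f"wp-content/themes/{THEME_SLUG}/style.css"
    for css in sorted(Path(root).rglob(pattern)):
        version = parse_version(css.read_text(encoding="utf-8", errors="replace"))
        if version is None:
            status = "unknown"              # no usable header: needs manual review
        elif version <= LAST_AFFECTED:
            status = "affected"
        else:
            status = "not-affected"
        findings.append((str(css.parent), version, status))
    return findings

def demo():
    """Build a constructed docroot layout in a temp dir and audit it."""
    sites = {"blog": "1.9.3", "news": "1.8", "shop": "2.0.1", "old": None}
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in sites.items():
            theme = Path(tmp, site, "wp-content", "themes", THEME_SLUG)
            theme.mkdir(parents=True)
            header = "/*\nTheme Name: Saxon\n" + (f"Version: {ver}\n" if ver else "") + "*/\n"
            (theme / "style.css").write_text(header, encoding="utf-8")
        return {Path(d).parts[-4]: status for d, _, status in audit(tmp)}

if __name__ == "__main__":
    for site, status in sorted(demo().items()):
        print(f"{site}: {status}")
```

Copies reported as `unknown` have no parseable version header and should be checked by hand rather than assumed safe.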
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-25T15:28:34.982Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690cc809ca26fb4dd2f594db
Added to database: 11/6/2025, 4:08:41 PM
Last enriched: 2/13/2026, 6:46:01 AM
Last updated: 3/26/2026, 10:07:21 AM