CVE-2025-64195 is a vulnerability identified in the ThimPress Eduma WordPress theme, specifically involving improper control of filenames used in PHP include or require statements. This vulnerability allows an attacker to exploit Local File Inclusion (LFI), where the application improperly handles user-supplied input to include files on the server. By manipulating the filename parameter, an attacker with low privileges can cause the application to load arbitrary files from the server's filesystem, potentially exposing sensitive data, executing arbitrary PHP code, or causing denial of service. The vulnerability affects Eduma versions up to and including 5.7.6. The CVSS v3.1 base score is 7.5, reflecting a high severity with network attack vector, high impact on confidentiality, integrity, and availability, and requiring low privileges but no user interaction. Although no public exploits are currently known, the vulnerability's characteristics make it a critical concern for websites using this theme, especially those hosting sensitive educational content or user data. The lack of available patches at the time of publication necessitates immediate attention from administrators. The vulnerability arises from insufficient validation or sanitization of the filename parameter in PHP include/require statements, a common issue in PHP applications that can lead to remote code execution or data leakage if exploited successfully.

For European organizations, particularly those in the education sector using the Eduma theme for WordPress, this vulnerability poses a significant risk. Exploitation can lead to unauthorized disclosure of sensitive information, including student records, internal documents, or credentials. Attackers could also execute arbitrary code on the affected servers, leading to full system compromise, data tampering, or service disruption. This could result in reputational damage, regulatory penalties under GDPR due to data breaches, and operational downtime. The vulnerability's network accessibility means attackers can exploit it remotely without user interaction, increasing the risk of widespread attacks. Organizations relying on Eduma for e-learning platforms or educational content delivery in Europe must consider the potential for targeted attacks, especially given the strategic importance of education infrastructure. The high CVSS score reflects the broad impact on confidentiality, integrity, and availability, emphasizing the critical need for mitigation.

1. Immediate application of any available patches or updates from ThimPress once released. 2. If patches are not yet available, implement temporary mitigations such as disabling or restricting the vulnerable include/require functionality via custom code or server configuration. 3. Employ strict input validation and sanitization on any parameters controlling file inclusion to prevent manipulation. 4. Use web application firewalls (WAFs) to detect and block suspicious requests attempting to exploit file inclusion. 5. Restrict file system permissions to limit the files accessible by the web server user, minimizing the impact of LFI exploitation. 6. Conduct thorough vulnerability scanning and penetration testing focused on file inclusion vulnerabilities in WordPress themes and plugins. 7. Monitor logs for unusual file access patterns or errors related to PHP include/require statements. 8. Educate administrators on secure configuration practices for WordPress themes and PHP applications. 9. Consider isolating critical educational platforms in segmented network zones to reduce lateral movement if compromised. 10. Maintain regular backups and incident response plans tailored to web application compromises.