CVE-2025-64195 is a Local File Inclusion (LFI) vulnerability found in the ThimPress Eduma WordPress theme, specifically affecting versions up to 5.7.6. The vulnerability arises from improper control over the filename parameter used in PHP include or require statements. This flaw allows an attacker to manipulate the input to these statements, causing the application to include unintended local files. By including malicious or sensitive files, an attacker can execute arbitrary PHP code or disclose sensitive information such as configuration files, credentials, or other data stored on the server. The vulnerability does not currently have a CVSS score and no known public exploits have been reported, but the risk remains significant due to the nature of LFI vulnerabilities. Exploitation typically requires the attacker to supply crafted input that the application uses in the include/require function without proper sanitization or validation. This can lead to remote code execution if an attacker can upload or control files on the server or disclose sensitive files that facilitate further attacks. The Eduma theme is widely used in educational websites, which often contain sensitive user data and intellectual property, increasing the potential impact. The vulnerability was published on October 29, 2025, by Patchstack, and no official patch links are currently available, indicating that users must monitor for updates or apply temporary mitigations. The lack of authentication requirement and the ability to execute code remotely make this a critical security concern for affected sites.

For European organizations, especially those operating educational platforms or e-learning services using the Eduma theme, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access to sensitive student and staff data, intellectual property theft, website defacement, or complete server takeover. This could result in regulatory non-compliance, particularly under GDPR, leading to fines and reputational damage. The disruption of educational services could impact operational continuity and trust. Additionally, attackers could use compromised sites as a foothold for lateral movement within networks or to distribute malware. The impact is heightened in sectors where data confidentiality and availability are critical, such as universities, training providers, and corporate learning platforms. Given the widespread use of WordPress and Eduma in Europe, the threat surface is considerable. The absence of known exploits currently provides a window for proactive defense, but the potential for rapid weaponization exists once details become widely known.

European organizations should immediately inventory their WordPress installations to identify the use of the Eduma theme and confirm the version in use. Until an official patch is released, apply the following mitigations: 1) Restrict file inclusion paths by configuring PHP open_basedir restrictions to limit accessible directories. 2) Employ a Web Application Firewall (WAF) with custom rules to detect and block suspicious requests attempting to manipulate include parameters. 3) Disable or restrict theme file editing capabilities within WordPress to prevent unauthorized code changes. 4) Conduct thorough input validation and sanitization on any user-supplied data that could influence file inclusion. 5) Monitor server logs for unusual access patterns or errors related to file inclusion. 6) Isolate the WordPress environment using containerization or sandboxing to limit the blast radius of a potential compromise. 7) Prepare for rapid patch deployment by subscribing to vendor security advisories. 8) Educate administrators on the risks of LFI vulnerabilities and the importance of timely updates. These steps go beyond generic advice by focusing on configuration hardening and proactive detection tailored to this vulnerability.