CVE-2025-64195 is a vulnerability classified as 'Improper Control of Filename for Include/Require Statement in PHP Program,' commonly referred to as a Local File Inclusion (LFI) flaw, found in the ThimPress Eduma WordPress theme. This vulnerability arises when the application fails to properly validate or sanitize user-supplied input used in PHP include or require statements, allowing an attacker to manipulate the filename parameter. Exploiting this flaw, an attacker with low privileges can cause the application to include unintended local files, which may contain malicious code or sensitive information. This can lead to remote code execution, data disclosure, or denial of service. The vulnerability affects Eduma versions up to and including 5.7.6. The CVSS v3.1 base score is 7.5, indicating high severity, with the vector showing network attack vector (AV:N), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits are currently known, but the vulnerability's nature and impact make it a critical concern for sites using this theme, especially those hosting sensitive educational content or personal data. The lack of available patches at the time of reporting necessitates immediate mitigation efforts.

For European organizations, especially educational institutions and e-learning platforms using the Eduma theme, this vulnerability poses a significant risk. Successful exploitation can lead to unauthorized disclosure of sensitive student and staff data, modification or deletion of critical educational content, and potential full system compromise. This can disrupt educational services, damage institutional reputation, and lead to regulatory non-compliance under GDPR due to data breaches. The high impact on confidentiality, integrity, and availability means attackers could exfiltrate personal data, inject malicious code, or cause service outages. Given the widespread adoption of WordPress and Eduma in Europe, the threat could affect a broad range of organizations from universities to private training providers. The absence of known exploits currently provides a window for proactive defense, but the high severity score demands urgent attention.

European organizations should immediately audit their WordPress installations to identify the use of the Eduma theme and verify the version in use. Until an official patch is released, implement strict input validation and sanitization on any user-controllable parameters related to file inclusion. Employ web application firewalls (WAFs) configured to detect and block LFI attack patterns, such as directory traversal sequences and suspicious include requests. Restrict PHP include paths using open_basedir directives to limit file system access. Regularly monitor logs for unusual file inclusion attempts or errors. Backup all critical data and test restoration procedures to prepare for potential incidents. Coordinate with ThimPress for timely updates and apply patches immediately upon release. Additionally, consider isolating vulnerable web servers in segmented network zones to reduce lateral movement risks.