CVE-2025-64359: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in StylemixThemes Consulting
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion. This issue affects Consulting: from n/a through < 6.7.5.
AI Analysis
Technical Summary
CVE-2025-64359 is a Remote File Inclusion (RFI) vulnerability found in the StylemixThemes Consulting WordPress plugin, affecting versions prior to 6.7.5. The vulnerability arises from improper control over the filename parameter used in PHP include or require statements. This flaw allows an attacker to supply a crafted filename that points to a remote malicious file, which the server then includes and executes within its PHP context. Because the vulnerability is exploitable over the network without any authentication or user interaction, it presents a significant risk. Successful exploitation can lead to arbitrary code execution, enabling attackers to compromise the web server, steal sensitive data, or pivot to internal networks. The CVSS 3.1 base score of 7.5 reflects high impact on confidentiality with no impact on integrity or availability, and low attack complexity. Although no public exploits have been reported yet, the nature of RFI vulnerabilities historically makes them attractive targets. The Consulting plugin is widely used in WordPress environments, which are prevalent in European organizations for business websites and services. The vulnerability underscores the importance of secure coding practices around dynamic file inclusion and the need for timely patching of third-party components.
Potential Impact
European organizations using the StylemixThemes Consulting plugin are at risk of unauthorized remote code execution, which can lead to data breaches, website defacement, or full server compromise. This can result in loss of customer trust, regulatory penalties under GDPR for data exposure, and operational disruptions. Attackers could leverage this vulnerability to implant backdoors, steal sensitive business or customer information, or use compromised servers as launch points for further attacks. The impact is particularly severe for organizations relying on their websites for customer engagement or e-commerce. Given the plugin’s popularity in European markets, especially in countries with high WordPress adoption, the threat could affect a broad range of sectors including SMEs, professional services, and consulting firms. The lack of required authentication and user interaction increases the likelihood of exploitation, raising the urgency for mitigation.
Mitigation Recommendations
1. Immediately update the StylemixThemes Consulting plugin to version 6.7.5 or later once the patch is available.
2. If an update is not yet available, apply any vendor-provided patches or temporary workarounds to restrict file inclusion paths.
3. Implement strict input validation and sanitization on all parameters that control file inclusion to prevent injection of remote URLs or unauthorized file paths.
4. Deploy a Web Application Firewall (WAF) with rules to detect and block attempts to exploit file inclusion vulnerabilities, such as suspicious URL parameters or requests containing remote file references.
5. Conduct regular security audits and code reviews focusing on dynamic file inclusion usage in custom or third-party plugins.
6. Monitor web server logs for unusual requests that attempt to include external files or access unexpected paths.
7. Educate development and IT teams about secure coding practices related to file inclusion and the risks of RFI vulnerabilities.
8. Consider isolating web server environments and applying the principle of least privilege to limit the impact of any successful exploitation.
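As an added illustration of recommendation 3, the following PHP shows two ways to keep a request parameter from ever reaching include/require as a raw path. This is example code written for this page, not the Consulting plugin's own code; the template names, the directory layout and the function names are hypothetical. The first approach treats the parameter purely as a lookup key into a fixed table; the second, for cases where an allowlist is impractical, restricts the value to a bare identifier and then confines the canonicalised path to the template directory.

```php
<?php
// Added example (not StylemixThemes code): resolving a user-controlled template
// name safely before it is handed to include/require.
declare(strict_types=1);

// Strategy 1: strict allowlist. The request value is only ever a key; the real
// path comes from this table, so URLs, stream wrappers and '..' never reach include().
const TEMPLATE_MAP = [
    'default' => 'templates/default.php',   // hypothetical template files
    'compact' => 'templates/compact.php',
];

function resolve_template_allowlist(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, TEMPLATE_MAP)) {
        return null; // unknown key: caller falls back to a default or fails closed
    }
    return rtrim($baseDir, '/') . '/' . TEMPLATE_MAP[$requested];
}

// Strategy 2: identifier check plus canonical-path confinement, for templates
// that are discovered at runtime rather than listed in code.
function resolve_template_confined(string $requested, string $baseDir): ?string
{
    // Only a bare file stem is accepted: no scheme, no separators, no dots.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $requested)) {
        return null;
    }
    $base      = realpath($baseDir);
    $candidate = realpath($baseDir . '/' . $requested . '.php');
    if ($base === false || $candidate === false) {
        return null; // base directory missing or candidate file does not exist
    }
    // realpath() has resolved symlinks and '..'; the result must stay under $base.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Self-check against a constructed temporary template directory.
$dir = sys_get_temp_dir() . '/rfi-demo-' . bin2hex(random_bytes(4));
mkdir($dir . '/templates', 0700, true);
file_put_contents($dir . '/templates/default.php', "<?php return 'default ok';\n");

// Constructed inputs: one legitimate key and three shapes that must be rejected.
$cases = [
    ['default',                   true],
    ['../../etc/passwd',          false],  // directory traversal
    ['http://example.invalid/x',  false],  // remote URL
    ['php://input',               false],  // stream wrapper
];
foreach ($cases as [$input, $shouldResolve]) {
    $a = resolve_template_allowlist($input, $dir);
    $c = resolve_template_confined($input, $dir . '/templates');
    printf("%-28s allowlist=%-8s confined=%s\n", $input,
        $a === null ? 'rejected' : 'ok', $c === null ? 'rejected' : 'ok');
    if (($a !== null) !== $shouldResolve || ($c !== null) !== $shouldResolve) {
        throw new RuntimeException("unexpected result for '$input'");
    }
}

// Only a resolved path is ever passed to require.
$safe   = resolve_template_allowlist('default', $dir);
$result = require $safe;
echo $result, PHP_EOL;

// Clean up the constructed directory.
unlink($dir . '/templates/default.php');
rmdir($dir . '/templates');
rmdir($dir);
```

Run it with `php safe_include.php`; each rejected input prints `rejected` for both strategies and the legitimate key resolves. The php.ini setting `allow_url_include` (off by default and deprecated since PHP 7.4) blocks the remote-URL case at the interpreter level, but it does nothing against local file inclusion, which is why the path confinement in the second function matters even on hardened hosts.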
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-10-31T11:23:06.890Z
Cvss Version: null
State: PUBLISHED
Threat ID: 6904a34e479ed964d8ea1ea0
Added to database: 10/31/2025, 11:53:50 AM
Last enriched: 1/21/2026, 12:04:28 AM
Last updated: 2/7/2026, 8:44:15 PM
Views: 68
Related Threats
CVE-2026-2110: Improper Restriction of Excessive Authentication Attempts in Tasin1025 SwiftBuy (Medium)
CVE-2026-2109: Improper Authorization in jsbroks COCO Annotator (Medium)
CVE-2026-2108: Denial of Service in jsbroks COCO Annotator (Medium)
CVE-2026-2107: Improper Authorization in yeqifu warehouse (Medium)
CVE-2026-2106: Improper Authorization in yeqifu warehouse (Medium)