CVE-2025-66115 is a vulnerability identified in the MatrixAddons Easy Invoice software, specifically affecting versions up to and including 2.1.4. The flaw arises from improper control of filenames used in PHP include or require statements, which leads to a Local File Inclusion (LFI) vulnerability. LFI vulnerabilities allow attackers to trick the application into including files from the local filesystem, which can lead to information disclosure, code execution in some cases, or denial of service. In this case, the vulnerability requires an attacker to have network access and high privileges (authentication) but does not require user interaction. The CVSS score of 6.6 (medium severity) reflects that while the attack vector is network-based and the attack complexity is low, the requirement for privileges limits the ease of exploitation. The vulnerability impacts confidentiality, integrity, and availability, as an attacker could read sensitive files, manipulate application behavior, or cause service disruption. No known exploits are currently reported in the wild, but the vulnerability is published and should be addressed promptly. The lack of available patches at the time of reporting means organizations must implement interim mitigations. This vulnerability is particularly relevant for organizations relying on Easy Invoice for financial operations, as exploitation could expose sensitive financial data or disrupt invoicing processes.

For European organizations, the impact of CVE-2025-66115 can be significant, especially for small and medium enterprises (SMEs) and accounting firms that utilize Easy Invoice for billing and financial management. Confidentiality could be compromised through unauthorized access to sensitive invoice data or configuration files. Integrity risks include potential manipulation of invoicing data or application logic, which could lead to financial discrepancies or fraud. Availability could be affected if attackers exploit the vulnerability to cause application crashes or denial of service, disrupting business operations. Given the requirement for authenticated access, insider threats or compromised credentials increase the risk. The financial sector, legal firms, and public sector entities using Easy Invoice are particularly vulnerable due to the sensitivity of invoicing data. Additionally, disruption in invoicing processes can have cascading effects on cash flow and regulatory compliance. The medium severity rating suggests that while the threat is serious, it is not trivially exploitable by unauthenticated attackers, but organizations should not underestimate the risk given the potential business impact.

1. Apply vendor patches or updates as soon as they become available to address the vulnerability directly. 2. Implement strict input validation and sanitization on any user-supplied data that influences file inclusion paths to prevent manipulation. 3. Configure PHP settings to disable dangerous functions such as allow_url_include and restrict include_path to trusted directories only. 4. Employ web application firewalls (WAFs) with rules designed to detect and block suspicious file inclusion attempts. 5. Enforce strong authentication mechanisms and monitor for unusual login patterns to reduce the risk of privilege abuse. 6. Conduct regular audits of server file systems and application logs to detect unauthorized file access or inclusion attempts. 7. Isolate the Easy Invoice application environment to minimize the impact of potential exploitation, such as running it in a container or sandbox. 8. Educate administrators and users about the risks of credential compromise and the importance of timely patching. 9. Consider implementing file integrity monitoring to detect unauthorized changes to critical files. 10. Limit network exposure of the Easy Invoice application to trusted internal networks where possible.