The vulnerability CVE-2025-67946 in scriptsbundle AdForest arises from improper validation or control of filenames used in PHP include or require statements. This flaw allows an attacker to perform PHP Local File Inclusion, potentially enabling unauthorized access to local files, execution of arbitrary code, or other malicious actions. The CVSS score of 8.1 reflects a high-severity issue with network attack vector, high impact on confidentiality, integrity, and availability, and requiring high attack complexity without privileges or user interaction.

Successful exploitation of this vulnerability could allow an attacker to include and execute arbitrary local files on the server running the vulnerable AdForest application. This can lead to disclosure of sensitive information, modification or destruction of data, and disruption of service. The high CVSS score indicates significant risk to affected systems.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to vulnerable endpoints and applying any available workarounds recommended by the vendor. Monitor vendor channels for updates regarding patches or mitigations.