Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-68065: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in LiquidThemes Hub Core

0
High
VulnerabilityCVE-2025-68065cvecve-2025-68065
Published: Tue Dec 16 2025 (12/16/2025, 08:13:01 UTC)
Source: CVE Database V5
Vendor/Project: LiquidThemes
Product: Hub Core

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.

AI-Powered Analysis

AILast updated: 01/21/2026, 01:19:19 UTC

Technical Analysis

CVE-2025-68065 is a Remote File Inclusion (RFI) vulnerability found in LiquidThemes Hub Core, a PHP-based software product used for web content management or theme integration. The flaw arises from improper control of the filename parameter used in PHP include or require statements, allowing an attacker to specify a remote file URL. When exploited, this vulnerability enables an attacker to execute arbitrary PHP code hosted on a remote server within the context of the vulnerable application. The vulnerability affects all versions of Hub Core up to and including 5.0.8. The CVSS 3.1 base score of 7.5 indicates that the attack vector is network-based (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), with a high impact on confidentiality (C:H) but no impact on integrity (I:N) or availability (A:N). This means attackers can potentially read sensitive files or execute code remotely without altering data or causing denial of service. The vulnerability was published on December 16, 2025, and no patches or known exploits have been reported yet. The root cause is insufficient validation or sanitization of input controlling the include/require filename, a common PHP security issue. Exploitation could lead to data leakage, unauthorized code execution, and potentially full system compromise depending on the payload delivered. The vulnerability is critical for web servers running Hub Core, especially those exposed to the internet without additional protections.

Potential Impact

For European organizations, this vulnerability poses a significant risk to confidentiality and system security. Exploitation could lead to unauthorized disclosure of sensitive information such as user data, configuration files, or credentials stored on the server. Additionally, remote code execution could allow attackers to implant backdoors, pivot within networks, or conduct further attacks. Organizations relying on LiquidThemes Hub Core for their web presence or internal portals may face data breaches, reputational damage, and regulatory penalties under GDPR if personal data is exposed. The lack of integrity and availability impact reduces the risk of data tampering or service disruption, but the confidentiality breach alone is critical. The threat is heightened for organizations with public-facing web servers running vulnerable versions, especially those without web application firewalls or strict input validation. The absence of known exploits currently provides a window for proactive mitigation before active attacks emerge.

Mitigation Recommendations

1. Immediately monitor LiquidThemes announcements for official patches and apply them as soon as they are released to fix the vulnerability. 2. Until patches are available, implement strict input validation and sanitization on all parameters controlling file inclusion to block remote URLs and unexpected inputs. 3. Disable PHP's allow_url_include directive in php.ini to prevent inclusion of remote files globally. 4. Use web application firewalls (WAFs) to detect and block suspicious requests attempting remote file inclusion. 5. Conduct code audits and penetration testing focused on file inclusion and input handling vulnerabilities in Hub Core deployments. 6. Restrict web server permissions to limit the impact of potential code execution, ensuring the web server user has minimal privileges. 7. Employ network segmentation to isolate critical systems and reduce lateral movement if exploitation occurs. 8. Educate developers and administrators on secure coding practices related to file inclusion and input validation. 9. Monitor logs for unusual access patterns or errors related to file inclusion attempts. 10. Consider temporary removal or disabling of vulnerable Hub Core components if immediate patching is not feasible.

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Data Version
5.2
Assigner Short Name
Patchstack
Date Reserved
2025-12-15T10:01:19.544Z
Cvss Version
null
State
PUBLISHED

Threat ID: 69411756594e45819d70d835

Added to database: 12/16/2025, 8:24:54 AM

Last enriched: 1/21/2026, 1:19:19 AM

Last updated: 2/4/2026, 12:54:58 PM

Views: 38

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats