CVE-2025-68068 is a remote file inclusion vulnerability found in the Select-Themes Stockholm WordPress theme, affecting versions up to 9.14.1. The vulnerability arises from improper control over the filename parameter used in PHP include or require statements, allowing an attacker to specify a remote file to be included and executed by the server. This type of vulnerability is critical because it enables remote code execution, potentially allowing attackers to run arbitrary PHP code on the affected server. The CVSS 3.1 base score of 7.5 reflects a high severity, with attack vector being network-based (AV:N), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported yet, the nature of the vulnerability makes it a prime target for exploitation once weaponized. The vulnerability could be exploited by sending crafted requests that manipulate the include/require filename parameter to load malicious code from an attacker-controlled server. This could lead to data theft, website defacement, malware deployment, or full server compromise. The vulnerability is particularly dangerous in shared hosting or multi-tenant environments where the theme is deployed. The lack of available patches at the time of disclosure increases the urgency for temporary mitigations.

For European organizations, the impact of CVE-2025-68068 can be severe. Many businesses and public sector entities rely on WordPress themes like Stockholm for their websites and e-commerce platforms. Exploitation could lead to unauthorized access to sensitive customer data, intellectual property theft, disruption of online services, and reputational damage. The ability to execute arbitrary code remotely can also facilitate lateral movement within networks, potentially compromising internal systems. Given the high adoption of WordPress in Europe, especially in countries with large digital economies such as Germany, France, the UK, and the Netherlands, the threat could affect a broad range of sectors including retail, finance, healthcare, and government. Additionally, the vulnerability could be leveraged to deploy ransomware or other malware, exacerbating operational and financial impacts. The lack of user interaction required for exploitation increases the risk of automated attacks and widespread compromise.

1. Monitor official Select-Themes channels and Patchstack for the release of a security patch and apply it immediately upon availability. 2. Until a patch is released, implement web application firewall (WAF) rules to detect and block suspicious requests attempting to manipulate include/require parameters. 3. Restrict PHP include paths using open_basedir or disable allow_url_include in PHP configurations to prevent remote file inclusion. 4. Harden WordPress installations by limiting user privileges, especially for roles that can upload or modify theme files. 5. Conduct regular code audits and vulnerability scans focusing on theme and plugin components. 6. Employ network segmentation to limit the impact of a compromised web server. 7. Educate web administrators on recognizing signs of exploitation and maintaining secure configurations. 8. Consider temporarily disabling or replacing the Stockholm theme if immediate patching is not feasible.