CVE-2025-8913 is a critical vulnerability classified under CWE-98, which pertains to improper control of filenames used in include or require statements within PHP applications. Specifically, this vulnerability affects the Organization Portal System developed by WellChoose. The flaw allows unauthenticated remote attackers to perform Local File Inclusion (LFI), enabling them to execute arbitrary code on the affected server. The vulnerability arises because the application fails to properly validate or sanitize user-supplied input that determines which files are included or required by the PHP program. This lack of validation permits attackers to manipulate the filename parameter to include malicious files or system files, potentially leading to remote code execution. The CVSS 4.0 base score of 9.3 reflects the high severity, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N), no user interaction (UI:N), and no authentication (AT:N). The impact on confidentiality, integrity, and availability is high, as attackers can execute arbitrary code, potentially leading to full system compromise. No patches or known exploits in the wild have been reported yet, but the vulnerability's critical nature demands immediate attention. The affected product version is listed as '0', which may indicate an initial or default version, suggesting that all current deployments of this portal system are vulnerable unless mitigated or updated.

For European organizations using the WellChoose Organization Portal System, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access, data breaches, and full system compromise, impacting sensitive organizational data and services. Given the portal system's likely role in managing organizational workflows or sensitive information, attackers could disrupt operations, steal confidential data, or use the compromised server as a foothold for further attacks within the network. The lack of authentication requirements and user interaction lowers the barrier for exploitation, increasing the likelihood of attacks. This could result in regulatory non-compliance issues under GDPR due to potential data exposure, leading to legal and financial consequences. Additionally, the operational disruption could affect business continuity and reputation. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the critical severity necessitates urgent response.

1. Immediate code review and input validation: Developers should audit all include/require statements to ensure that filenames are strictly validated against a whitelist of allowed files or sanitized to prevent directory traversal and remote file inclusion. 2. Implement strict input sanitization: Use PHP functions such as basename() to strip directory paths and validate inputs against expected patterns. 3. Disable allow_url_include and allow_url_fopen in PHP configuration to prevent remote file inclusion vectors. 4. Apply web application firewalls (WAF) with rules targeting LFI attempts to detect and block malicious requests. 5. Restrict file system permissions for the web server user to limit the impact of any successful inclusion. 6. Monitor logs for suspicious access patterns related to file inclusion attempts. 7. Coordinate with WellChoose for official patches or updates; if unavailable, consider temporary mitigations such as disabling vulnerable modules or restricting access to the portal system. 8. Conduct penetration testing focused on file inclusion vulnerabilities to verify mitigation effectiveness.