CVE-2025-24760 – This vulnerability allows attackers to include ... (How to Fix)

Q: What is the severity of CVE-2025-24760?

CVE-2025-24760 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Sofass theme version 1.3.4 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Sofass theme version 1.3.4 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.

💻 Affected Systems

Products:

WordPress Sofass Theme

Versions: n/a through 1.3.4

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Sofass theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials, user data) and limited code execution within web server context.

🟢

If Mitigated

Limited impact if file permissions are restrictive and web server runs with minimal privileges.

🌐 Internet-Facing: HIGH - WordPress themes are typically internet-facing and this vulnerability requires no authentication.

🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable if accessible to internal attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP requests can trigger the vulnerability. Public proof-of-concept exists on security research sites.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.5 or later

Vendor Advisory: https://patchstack.com/database/wordpress/theme/sofass/vulnerability/wordpress-sofass-1-3-4-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Update Sofass theme to version 1.3.5 or later via WordPress admin panel. 2. Alternatively, delete the theme and install the latest version from WordPress repository.

🔧 Temporary Workarounds

Disable Sofass Theme

all

Switch to a different WordPress theme until patched

wp theme deactivate sofass
wp theme activate twentytwentyfour

Restrict File Access

linux

Set strict file permissions on web directory

chmod 644 /var/www/html/wp-content/themes/sofass/*
chmod 755 /var/www/html/wp-content/themes/sofass/

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block file inclusion patterns
Restrict web server user permissions and implement strict file system access controls

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Sofass theme version 1.3.4 or earlier

Check Version:

wp theme list --name=sofass --field=version

Verify Fix Applied:

Verify theme version is 1.3.5 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual file include patterns in PHP error logs
HTTP requests with file path traversal parameters

Network Indicators:

HTTP requests containing '..', '/etc/', or other directory traversal patterns

SIEM Query:

source="web_logs" AND (uri="*..*" OR uri="*/etc/*" OR uri="*include*" OR uri="*require*")

📊 Metadata

CVE ID: CVE-2025-24760

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-98

EPSS Score: 0.12% exploit probability (30.9th percentile)

Published: June 27, 2025

Last Updated: June 30, 2025

🔗 References

https://patchstack.com/database/wordpress/theme/sofass/vulnerability/wordpress-sofass-1-3-4-local-file-inclusion-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24760, you might also want to check these: