CVE-2025-32159
📋 TL;DR
This vulnerability lets an attacker include local files on the server because the filename passed to a PHP include/require statement is not properly controlled. It affects WordPress sites running the Radius Blocks plugin from an unspecified earliest version through 2.2.1, potentially leading to sensitive information disclosure or code execution.
💻 Affected Systems
- RadiusTheme Radius Blocks WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data exfiltration, or website defacement.
Likely Case
Local file inclusion allowing reading of sensitive files like configuration files, logs, or source code.
If Mitigated
Limited impact if file permissions are restrictive and web server runs with minimal privileges.
🎯 Exploit Status
Exploitation requires sending crafted requests to vulnerable endpoints. Public proof-of-concept exists in vulnerability databases.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Radius Blocks' and click 'Update Now'.
4. Verify the update to version 2.2.2 or later.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Radius Blocks plugin until patched.
wp plugin deactivate radius-blocks
Web Application Firewall Rule
Block requests containing path traversal sequences in URL parameters.
ModSecurity rule: SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Path Traversal Attempt'"
🧯 If You Can't Patch
- Remove the Radius Blocks plugin completely from production systems.
- Implement strict file permissions and disable PHP error reporting to limit information leakage.
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Radius Blocks version. If the version is 2.2.1 or earlier, the system is vulnerable.
Check Version:
wp plugin get radius-blocks --field=version
Verify Fix Applied:
Confirm plugin version is 2.2.2 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with ../ sequences in URL parameters
- PHP warnings about failed file inclusions
- Access to unusual files in web root
Network Indicators:
- HTTP requests to radius-blocks endpoints with path traversal payloads
- Unusual file read patterns from web server
SIEM Query:
source="web_server.logs" AND (uri="*radius-blocks*" AND (uri="*../*" OR uri="*..\\*"))
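The log indicators and SIEM query above, implemented as a small scanner over constructed Apache access-log lines. This is an added example, not code from the advisory or the plugin; the plugin file paths and the `template` parameter are hypothetical placeholders, and the scanner percent-decodes repeatedly so that URL-encoded and double-encoded traversal sequences, which the plain `*../*` query would miss, are also caught.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format access-log lines; the plugin paths and the
# "template" parameter are hypothetical placeholders, not the real endpoints.
SAMPLE_LOG = """\
203.0.113.10 - - [01/May/2025:12:00:01 +0000] "GET /wp-content/plugins/radius-blocks/assets/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/May/2025:12:00:02 +0000] "GET /wp-content/plugins/radius-blocks/includes/preview.php?template=../../../../wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [01/May/2025:12:00:03 +0000] "GET /wp-content/plugins/radius-blocks/includes/preview.php?template=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.13 - - [01/May/2025:12:00:04 +0000] "GET /wp-content/plugins/radius-blocks/includes/preview.php?template=%252e%252e%252fwp-config.php HTTP/1.1" 404 231 "-" "Mozilla/5.0"
203.0.113.14 - - [01/May/2025:12:00:05 +0000] "GET /?s=../ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Apache combined format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." followed by a forward or back slash, checked after decoding.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')

def decode_fully(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%252e) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def scan_access_log(text: str) -> list:
    """Return requests to radius-blocks paths that carry a traversal sequence."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        uri = decode_fully(m.group('uri'))
        if 'radius-blocks' in uri.lower() and TRAVERSAL_RE.search(uri):
            # A 200 status on a traversal request suggests the read succeeded.
            hits.append({'line': lineno, 'ip': m.group('ip'),
                         'status': int(m.group('status')), 'uri': uri})
    return hits

if __name__ == '__main__':
    for h in scan_access_log(SAMPLE_LOG):
        print(f"line {h['line']}: {h['ip']} status={h['status']} {h['uri']}")
```

Traversal attempts outside the plugin path (the last sample line) are deliberately out of scope for this rule, matching the SIEM query's `uri="*radius-blocks*"` filter.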