Login Sign Up

CVE-2025-39507

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress sites using the Nasa Core plugin, potentially leading to sensitive file disclosure or code execution. All sites running Nasa Core versions up to 6.3.2 are vulnerable.

💻 Affected Systems

Products:
  • Nasa Core WordPress Plugin
Versions: All versions up to and including 6.3.2
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Nasa Core plugin active. PHP configuration (allow_url_include) may affect exploitability.

📦 What is this software?

Nasa Core by Nasatheme

View all CVEs affecting Nasa Core →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through local file inclusion leading to remote code execution, sensitive data exposure, and complete site takeover.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials), limited code execution, and potential privilege escalation.

🟢

If Mitigated

No impact if proper file permissions and web server configurations prevent access to sensitive files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires knowledge of file paths but is straightforward for attackers familiar with LFI techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.3.3 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/nasa-core/vulnerability/wordpress-nasa-core-plugin-6-3-2-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Nasa Core and click 'Update Now'. 4. Verify version is 6.3.3 or higher.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the Nasa Core plugin until patched

wp plugin deactivate nasa-core

Restrict File Access

linux

Configure web server to deny access to sensitive directories

# In .htaccess for Apache:
<FilesMatch "\.(php|inc|conf|ini|log|sql)$">
  Order allow,deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block LFI patterns
  • Restrict PHP's open_basedir directive to limit file access

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Nasa Core version. If version is 6.3.2 or lower, system is vulnerable.

Check Version:

wp plugin get nasa-core --field=version

Verify Fix Applied:

Verify Nasa Core plugin version is 6.3.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual include/require statements in PHP logs
  • Access to sensitive files like /etc/passwd, wp-config.php

Network Indicators:

  • HTTP requests with file path traversal patterns in parameters

SIEM Query:

source="web_logs" AND ("include.php" OR "require.php") AND (".." OR "/etc/" OR "wp-config")

📊 Metadata

CVE ID: CVE-2025-39507
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-98
EPSS Score: 0.16% exploit probability (36.5th percentile)
Published: May 16, 2025
Last Updated: June 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-39507, you might also want to check these:

CVE-2025-25174 10.0

This CVE describes a PHP Local File Inclusion vulnerability in the BeeTeam368 Extensions WordPress p...

Same vulnerability type (CWE-98)
CVE-2025-49994 9.8

This vulnerability allows attackers to include local files on the server through improper filename c...

Same vulnerability type (CWE-98)
CVE-2025-50003 9.8

This vulnerability allows attackers to include local PHP files through improper filename control in ...

Same vulnerability type (CWE-98)