CVE-2025-53441 – This vulnerability allows attackers to include ... (How to Fix)

Q: What is the severity of CVE-2025-53441?

CVE-2025-53441 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Greeny theme from AxiomThemes. All versions up to and including 2.6 are vulnerable.

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Greeny theme from AxiomThemes. All versions up to and including 2.6 are vulnerable.

💻 Affected Systems

Products:

AxiomThemes Greeny WordPress Theme

Versions: All versions up to and including 2.6

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Greeny theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

Greeny by Axiomthemes

View all CVEs affecting Greeny →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise through local file inclusion leading to remote code execution, data theft, and complete site takeover.

🟠

Likely Case

Sensitive file disclosure (configuration files, credentials), limited code execution, and site defacement.

🟢

If Mitigated

Limited impact if proper file permissions and web server configurations restrict access to sensitive directories.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires knowledge of vulnerable parameters but is straightforward for attackers familiar with LFI techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.6

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/greeny/vulnerability/wordpress-greeny-theme-2-6-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Appearance > Themes. 3. Check for Greeny theme updates. 4. Update to latest version (above 2.6). 5. Clear cache if using caching plugins.

🔧 Temporary Workarounds

Disable vulnerable theme

all

Switch to default WordPress theme until patch is applied

wp theme activate twentytwentyfour

Restrict file access

linux

Configure web server to block access to sensitive directories

# Apache: Add to .htaccess
<FilesMatch "\.(php|inc|conf|config)$">
  Order Deny,Allow
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block LFI patterns
Restrict theme file permissions and disable unused theme features

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Greeny theme version 2.6 or lower

Check Version:

wp theme list --field=name,status,version | grep greeny

Verify Fix Applied:

Verify Greeny theme version is above 2.6 in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual file include patterns in PHP error logs
Requests with ../ sequences or file parameter manipulation

Network Indicators:

HTTP requests with file inclusion parameters like ?file=../../etc/passwd

SIEM Query:

source="web_logs" AND (uri="*file=*" OR uri="*include=*") AND (uri="*../*" OR uri="*..\\*" OR uri="*php://*" OR uri="*data://*")

📊 Metadata

CVE ID: CVE-2025-53441

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-98

EPSS Score: 0.17% exploit probability (37.5th percentile)

Published: December 18, 2025

Last Updated: January 20, 2026

🔗 References

https://patchstack.com/database/Wordpress/Theme/greeny/vulnerability/wordpress-greeny-theme-2-6-local-file-inclusion-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-53441, you might also want to check these: