CVE-2025-53445
📋 TL;DR
This vulnerability allows attackers to include local PHP files through improper control of the filename used in a PHP include statement in the Catwalk WordPress theme. It enables PHP Local File Inclusion (LFI), potentially leading to sensitive information disclosure or code execution. WordPress sites using Catwalk theme version 1.4 or earlier are affected.
💻 Affected Systems
- axiomthemes Catwalk WordPress theme
📦 What is this software?
Catwalk by Axiomthemes
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through an LFI-to-remote-code-execution chain, giving complete control of the web server and potential lateral movement.
Likely Case
Sensitive file disclosure (configuration files, credentials, source code) and limited code execution through existing PHP files on the server.
If Mitigated
Information disclosure limited to publicly accessible files only, with no code execution possible.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability. Public exploit code is available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/catwalk/vulnerability/wordpress-catwalk-theme-1-4-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check whether a Catwalk theme update is available.
4. Update to version 1.5 or later.
5. If no update is available, replace Catwalk with an alternative theme.
🔧 Temporary Workarounds
Disable vulnerable theme
Switch to a default WordPress theme to immediately remove the vulnerability:
wp theme activate twentytwentyfour
Web Application Firewall rule
Block requests containing local file inclusion patterns. The original rule was missing its closing quote; corrected ModSecurity rule:
SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Local File Inclusion attempt'"
🧯 If You Can't Patch
- Disable Catwalk theme immediately and use alternative theme
- Implement strict file permission controls on sensitive server files
🔍 How to Verify
Check if Vulnerable:
Check WordPress theme version in wp-content/themes/catwalk/style.css or via WordPress admin panel
Check Version:
grep 'Version' wp-content/themes/catwalk/style.css | head -1
Verify Fix Applied:
Confirm Catwalk theme version is 1.5 or later in theme details
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with ../ sequences in parameters
- Access to sensitive files like /etc/passwd in web logs
- PHP include/require errors with unusual file paths
Network Indicators:
- HTTP GET/POST requests with file path traversal patterns in URL parameters
SIEM Query:
source="web_access.log" AND (uri="*../*" OR uri="*/etc/passwd*" OR uri="*/proc/self/environ*")
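The log indicators and SIEM query above, turned into a small offline scanner. This is an added example, not part of the advisory: it parses constructed access-log lines, URL-decodes the request URI (up to three passes, so double-encoded traversal such as %252e%252e%252f is caught, which the plain `uri="*../*"` match above would miss), and flags the `../` and sensitive-path patterns listed above. The theme path and query parameter name in the sample lines are placeholders; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format) for testing only,
# not traffic from any real site. The "?tpl=" parameter name is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2025:12:00:01 +0000] "GET /?s=shoes HTTP/1.1" 200 5120
203.0.113.7 - - [10/Aug/2025:12:00:02 +0000] "GET /wp-content/themes/catwalk/index.php?tpl=../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.9 - - [10/Aug/2025:12:00:03 +0000] "GET /wp-content/themes/catwalk/index.php?tpl=%2e%2e%2f%2e%2e%2fproc%2fself%2fenviron HTTP/1.1" 500 0
203.0.113.11 - - [10/Aug/2025:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Request line inside the quoted part of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# Directory traversal with either separator.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\')
# Sensitive paths named in the advisory's log and SIEM indicators.
SENSITIVE_PATHS = ("/etc/passwd", "/proc/self/environ")


def decode_uri(uri: str) -> str:
    """URL-decode repeatedly (max 3 passes) so double-encoded payloads normalise."""
    for _ in range(3):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def classify_uri(uri: str) -> list:
    """Return the indicator names matched by the decoded URI; empty list if clean."""
    decoded = decode_uri(uri)
    hits = ["traversal"] if TRAVERSAL_RE.search(decoded) else []
    hits.extend(p for p in SENSITIVE_PATHS if p in decoded)
    return hits


def scan_log(text: str) -> list:
    """Return (client_ip, raw_uri, hits) for every request matching an indicator."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-request line
        hits = classify_uri(m.group("uri"))
        if hits:
            alerts.append((line.split(" ", 1)[0], m.group("uri"), hits))
    return alerts


if __name__ == "__main__":
    for ip, uri, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {uri} -> {', '.join(hits)}")
```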