CVE-2025-58932
📋 TL;DR
This is a local file inclusion (LFI) flaw: the theme passes attacker-influenced input into a PHP include/require statement without adequately restricting the filename (CWE-98, improper control of filename for include/require statement in PHP program). It affects WordPress sites running the Prisma theme from AxiomThemes in version 1.10 or earlier. An attacker can read any file the web server user can access and may be able to escalate to code execution if they can first get PHP code onto the server (for example in a log file or an upload) and then include it.
💻 Affected Systems
- AxiomThemes Prisma WordPress Theme
📦 What is this software?
Prisma is a WordPress theme developed by AxiomThemes.
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through arbitrary code execution leading to data theft, ransomware deployment, or complete system takeover.
Likely Case
Disclosure of sensitive files readable by the web server user (wp-config.php with database credentials, other configuration files, user data). Turning the inclusion into code execution usually needs a second step, such as planting PHP code in a log file or an uploaded file and then including it, so any execution is limited to the web server's privileges.
If Mitigated
Reduced impact if the web server runs as a low-privilege user, file permissions are restrictive and PHP is confined with open_basedir; disclosure of files inside the WordPress tree, including wp-config.php, remains possible.
🎯 Exploit Status
Triggering the flaw requires only crafted HTTP requests to the theme; no special tooling is needed. Public details are available in the Patchstack advisory linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any release later than 1.10 (all versions up to and including 1.10 are affected)
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/prisma/vulnerability/wordpress-prisma-theme-1-10-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Update the Prisma theme to the latest version from the WordPress admin panel (Appearance > Themes) or with WP-CLI.
2. If no fixed release is available, remove the theme and replace it with a maintained alternative.
3. Clear page and opcode caches so no stale copies of the theme files keep being served.
🔧 Temporary Workarounds
Disable vulnerable theme
Platform: all. Switch to a default WordPress theme so the vulnerable templates are no longer loaded, then delete the theme: files left under wp-content/themes remain directly reachable over HTTP even while the theme is inactive.
wp theme activate twentytwentyfour
wp theme delete prisma
Restrict PHP filesystem access
Platform: linux. include and require are language constructs, not functions, so disable_functions cannot block them. Instead, confine what PHP may open with open_basedir and keep URL wrappers out of include statements with allow_url_include = Off (the default); both go in php.ini or the site's PHP-FPM pool configuration.
Add 'open_basedir = /var/www/html/:/tmp/' (substitute the site's real document root) and 'allow_url_include = Off' to php.ini. This is defence in depth, not a fix: open_basedir still permits including files inside the allowed directories such as wp-config.php, and allow_url_include does not block the php://filter wrapper.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns in request parameters: traversal sequences, php:// and other stream wrappers, and their URL-encoded and double-encoded forms
- Run PHP as a low-privilege user and make sure secrets outside the web root (system credentials, other sites' configuration) are not readable by that user
🔍 How to Verify
Check if Vulnerable:
Check the Prisma theme version in the WordPress admin panel (Appearance > Themes). Any version up to and including 1.10 is vulnerable, whether the theme is active or merely installed.
Check Version:
wp theme list --fields=name,status,version | grep -i prisma
Verify Fix Applied:
Confirm that the installed version is later than 1.10, or that the theme directory is gone from wp-content/themes. Re-test with a harmless controlled payload (for example a traversal to a file you planted yourself), only against systems you are authorised to test.
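The version check above hides a classic pitfall: as strings, "1.9" sorts after "1.10", so a naive comparison would declare a vulnerable 1.9 install safe. The following is an added example, not code from the page or from AxiomThemes, that parses the CSV form of the WP-CLI output (`wp theme list --fields=name,status,version --format=csv`), compares versions numerically, and flags an installed-but-inactive copy as well. The sample CSV text is constructed, and the theme slug "prisma" is an assumption.

```python
"""Fleet check: is the Prisma theme installed at a vulnerable version?

Added example for the CVE-2025-58932 write-up; the CSV below is constructed
from what `wp theme list --fields=name,status,version --format=csv` prints.
"""
import csv
import io
import re

# From the advisory: every release up to and including 1.10 is affected.
LAST_VULNERABLE_VERSION = "1.10"

# Constructed WP-CLI output for one site (the slug "prisma" is an assumption).
SAMPLE_THEME_LIST = """\
name,status,version
prisma,inactive,1.10
twentytwentyfour,active,1.2
"""


def parse_version(version):
    """Turn '1.10' into (1, 10) so comparison is numeric, not lexical.

    Non-numeric suffixes such as '1.10-rc1' are ignored after the digits.
    """
    parts = []
    for segment in version.split("."):
        m = re.match(r"\d+", segment)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version, last_vulnerable=LAST_VULNERABLE_VERSION):
    """True when the installed version is at or below the last affected one."""
    return parse_version(version) <= parse_version(last_vulnerable)


def check_theme_list(csv_text, slug="prisma"):
    """Return a finding for the given theme slug, or None if it is not installed.

    An inactive theme still has its PHP files under wp-content/themes, so it is
    reported as vulnerable regardless of status.
    """
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["name"].strip().lower() != slug:
            continue
        version = row["version"].strip()
        return {
            "slug": slug,
            "status": row["status"].strip(),
            "version": version,
            "vulnerable": is_vulnerable(version),
        }
    return None


if __name__ == "__main__":
    # Demonstrate the string-comparison trap next to the correct result.
    print("string compare says 1.9 > 1.10:", "1.9" > "1.10")
    print("numeric compare says 1.9 vulnerable:", is_vulnerable("1.9"))
    print(check_theme_list(SAMPLE_THEME_LIST))
```

Pipe the real WP-CLI output into `check_theme_list` across your sites and act on any result whose `vulnerable` flag is set, including entries whose status is `inactive`.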
📡 Detection & Monitoring
Log Indicators:
- Unusual file paths in PHP error logs
- Multiple include/require failures with path traversal patterns
- Requests to theme files with suspicious parameters
Network Indicators:
- HTTP requests containing '../' (or '..\') in parameters, including URL-encoded and double-encoded forms such as %2e%2e%2f and %252e%252e%252f
- Requests to theme PHP files with file path parameters
SIEM Query:
web.url:*prisma* AND (web.param:*../* OR web.param:*php://* OR web.param:*file=*)
Field names are placeholders for your SIEM's schema, and the query should run against URL-decoded parameter values; a literal match on '../' misses encoded traversal.
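To show what the indicators above look like when applied to real traffic, here is an added example (not code from the page or from AxiomThemes) that parses access-log lines, restricts attention to requests under the theme's directory, decodes each query parameter repeatedly, and reports traversal sequences, stream wrappers and sensitive target files. The log lines are constructed; the parameter name "file" and the theme slug "prisma" are assumptions, and the indicator list is deliberately broader than the page's query so encoded variants are caught.

```python
"""Flag LFI attempts against a WordPress theme in web server access logs.

Added example for the CVE-2025-58932 write-up. The log lines are constructed
in combined log format; the parameter name "file" is an assumption.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample traffic: four attacks, three benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /wp-content/themes/prisma/index.php?file=../../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /wp-content/themes/prisma/index.php?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2025:12:00:03 +0000] "GET /wp-content/themes/prisma/index.php?file=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2025:12:00:04 +0000] "GET /wp-content/themes/prisma/index.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2025:12:00:05 +0000] "GET /wp-content/themes/prisma/index.php?file=header HTTP/1.1" 200 700 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:12:00:06 +0000] "GET /wp-content/themes/prisma/style.css HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:12:00:07 +0000] "GET /?s=hello%20world HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Combined log format: client, identity, user, timestamp, request line, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Indicators checked against the fully decoded parameter value, in this order.
LFI_INDICATORS = (
    ("traversal", re.compile(r"\.\./|\.\.\\")),
    ("php_wrapper", re.compile(r"^(php|file|phar|zip|data|expect|glob)://", re.I)),
    ("sensitive_file", re.compile(r"wp-config\.php|/etc/passwd|/proc/self/", re.I)),
)


def fully_decode(value, max_rounds=3):
    """URL-decode until stable so double-encoded payloads (%252e) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_value(value):
    """Return (decoded value, list of indicator names that matched)."""
    decoded = fully_decode(value)
    hits = [name for name, rx in LFI_INDICATORS if rx.search(decoded)]
    return decoded, hits


def find_lfi_attempts(log_text, theme_slug="prisma"):
    """Return one finding per suspicious parameter on requests to the theme."""
    theme_prefix = f"/wp-content/themes/{theme_slug}/"
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith(theme_prefix):
            continue
        # parse_qsl already performs one round of percent-decoding.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            decoded, hits = classify_value(raw)
            if hits:
                findings.append({
                    "ip": m.group("ip"),
                    "status": int(m.group("status")),
                    "param": name,
                    "value": decoded,
                    "indicators": hits,
                })
    return findings


def count_by_ip(findings):
    """Aggregate findings per source address, as a SIEM correlation rule would."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_lfi_attempts(SAMPLE_LOG)
    for h in hits:
        print(h["ip"], h["status"], h["param"], h["value"], h["indicators"])
    print(count_by_ip(hits))
```

Treat a 200 status on a flagged request as a stronger signal than a 404 or 403: it suggests the include succeeded and the file contents were returned.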