CVE-2025-58940
📋 TL;DR
This CVE describes a PHP Local File Inclusion vulnerability in the Basil WordPress theme that allows attackers to include arbitrary local files via improper filename control. Attackers can potentially read sensitive files or execute code by manipulating file inclusion parameters. All WordPress sites using Basil theme versions up to and including 1.3.12 are affected.
💻 Affected Systems
- axiomthemes Basil WordPress Theme
📦 What is this software?
Basil by Axiomthemes
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and persistent backdoor installation.
Likely Case
Sensitive file disclosure (configuration files, database credentials, user data) and limited code execution within web server context.
If Mitigated
Unauthorized file reads limited to web-accessible directories if proper file permissions and security controls are implemented.
🎯 Exploit Status
Exploitation requires knowledge of vulnerable parameters but is straightforward for attackers familiar with LFI techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.13 or later
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/basil/vulnerability/wordpress-basil-theme-1-3-12-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for a Basil theme update notification.
4. Click 'Update Now' for the Basil theme.
5. Verify the theme version is 1.3.13 or higher.
🔧 Temporary Workarounds
Disable vulnerable theme
Temporarily switch to the default WordPress theme until the patch can be applied
wp theme activate twentytwentyfour
Web Application Firewall rule
Block requests containing local file inclusion patterns in the vulnerable parameters
🧯 If You Can't Patch
- Implement strict file permissions (chmod 600 for sensitive files, 755 for directories)
- Deploy web application firewall with LFI detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for the Basil theme version. If the version is 1.3.12 or lower, the site is vulnerable.
Check Version:
wp theme list --name=basil --field=version
Verify Fix Applied:
Verify Basil theme version shows 1.3.13 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Requests containing '../' or absolute paths in theme-related parameters
- Multiple failed attempts to access sensitive files
Network Indicators:
- HTTP requests with file inclusion payloads to theme endpoints
- Unusual outbound connections after successful exploitation
SIEM Query:
source="web_server_logs" AND (uri="*basil*" AND (param="*../*" OR param="*/etc/*" OR param="*C:\*"))
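Added example (not code from the advisory, the theme or the vendor): a small Python pass over constructed access-log lines that applies the log indicators above, decoding query values before matching so percent-encoded traversal is not missed. The log lines and parameter names are constructed; the advisory does not name the vulnerable parameter, so every query value on Basil-related requests is inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined-log format (not real traffic); the
# parameter names are placeholders, not the theme's real parameter names.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Oct/2025:12:00:01 +0000] "GET /wp-content/themes/basil/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Oct/2025:12:00:02 +0000] "GET /wp-content/themes/basil/index.php?file=../../../../wp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [01/Oct/2025:12:00:03 +0000] "GET /wp-content/themes/basil/index.php?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1024 "-" "python-requests/2.31"
203.0.113.13 - - [01/Oct/2025:12:00:04 +0000] "GET /?p=42&basil_layout=C:\\Windows\\win.ini HTTP/1.1" 404 200 "-" "Mozilla/5.0"
203.0.113.14 - - [01/Oct/2025:12:00:05 +0000] "GET /wp-content/themes/twentytwentyfour/style.css?ver=1.0 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Combined-log request line: client IP, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# The advisory's indicators: '../' traversal and absolute paths (/etc/, drive
# letters), plus a NUL byte, which is used to cut off an appended suffix.
LFI_VALUE_RE = re.compile(r'\.\./|\.\.\\|/etc/|/proc/|^[A-Za-z]:\\|\x00', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return [(name, decoded_value)] for query values matching an LFI pattern."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = decode_fully(raw)
        if LFI_VALUE_RE.search(value):
            hits.append((name, value))
    return hits

def scan_log(text):
    """One finding per Basil-related request (theme path or 'basil' parameter) with an LFI-looking value."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        theme_related = "/themes/basil/" in target.lower() or "basil" in urlsplit(target).query.lower()
        if theme_related and (hits := suspicious_params(target)):
            findings.append({"ip": m.group("ip"), "status": int(m.group("status")), "params": hits})
    return findings
```

The status code is kept in each finding because a 200 on a traversal request, as opposed to a run of 404s, is what separates a probe from a likely successful read.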