CVE-2025-58950 – This vulnerability allows attackers to include ... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress Lione theme installations running version 1.16 or earlier. Attackers can potentially read sensitive files or execute arbitrary code.

💻 Affected Systems

Products:

axiomthemes Lione WordPress Theme

Versions: All versions up to and including 1.16

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with Lione theme active. PHP configuration with allow_url_include disabled does not prevent local file inclusion.

📦 What is this software?

Lione by Axiomthemes

View all CVEs affecting Lione →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete server compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials, user data) and limited server information leakage.

🟢

If Mitigated

Limited impact with proper file permissions and security controls preventing file inclusion outside intended directories.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires knowledge of vulnerable parameter and path traversal techniques. Public exploit details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.16

Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/lione/vulnerability/wordpress-lione-theme-1-16-local-file-inclusion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Appearance > Themes
3. Check for Lione theme updates
4. Update to latest version (above 1.16)
5. If no update available, deactivate and remove the theme

🔧 Temporary Workarounds

Disable vulnerable theme

all

Deactivate Lione theme and switch to default WordPress theme

wp theme deactivate lione
wp theme activate twentytwentyfour

Restrict file inclusion

linux

Add PHP configuration to restrict file inclusion paths

Add 'open_basedir = /var/www/html' to php.ini

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block file inclusion patterns
Restrict file permissions and implement strict directory traversal protections

🔍 How to Verify

Check if Vulnerable:

Check WordPress theme version in Appearance > Themes or run: wp theme list --field=name,status,version | grep lione

Check Version:

wp theme list --field=name,version | grep lione

Verify Fix Applied:

Confirm Lione theme version is above 1.16 or theme is deactivated

📡 Detection & Monitoring

Log Indicators:

Unusual file include requests in PHP error logs
HTTP requests with file path traversal patterns to theme files

Network Indicators:

HTTP requests containing '../' patterns targeting theme PHP files
Unusual file read attempts from web server

SIEM Query:

web.url:*lione* AND (web.url:*..* OR web.url:*include* OR web.url:*require*)

📊 Metadata

CVE ID: CVE-2025-58950

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE: CWE-98

EPSS Score: 0.05% exploit probability (15.5th percentile)

Published: December 18, 2025

Last Updated: January 20, 2026

🔗 References

https://patchstack.com/database/Wordpress/Theme/lione/vulnerability/wordpress-lione-theme-1-16-local-file-inclusion-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58950, you might also want to check these: