CVE-2025-39461 in Docket Cache Plugin

Summary

by MITRE • 04/17/2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache allows PHP Local File Inclusion. This issue affects Docket Cache: from n/a through 24.07.02.


Analysis

by VulDB Data Team • 04/17/2025

The vulnerability identified as CVE-2025-39461 represents a critical PHP Remote File Inclusion flaw that fundamentally undermines the security posture of the Nawawi Jamili Docket Cache application. This vulnerability stems from improper control of filename parameters within include or require statements, creating an exploitable condition where remote attackers can manipulate file inclusion directives to execute arbitrary code. The flaw specifically manifests in the application's handling of user-supplied input that directly influences the filename parameter used in PHP's include/require functions, enabling attackers to load and execute malicious code from remote servers or local files.

The technical implementation of this vulnerability follows the established patterns of PHP Local File Inclusion (LFI) attacks, where the application fails to properly validate or sanitize input parameters before using them in file inclusion operations. When the Docket Cache application processes requests containing malicious filenames, it directly incorporates user-controlled data into include statements without adequate sanitization or validation mechanisms. This creates a pathway for attackers to leverage the vulnerability by supplying crafted filenames that can reference local system files or remote web shells, potentially leading to complete system compromise. The vulnerability is particularly dangerous because it operates at the core execution layer of the PHP application, allowing for arbitrary code execution with the privileges of the web server process.

The operational impact of this vulnerability extends far beyond simple data exposure, as it provides attackers with a direct avenue for establishing persistent access to affected systems. An attacker who successfully exploits this vulnerability can execute arbitrary commands on the target server, potentially leading to data theft, system compromise, or use as a foothold for further network infiltration. The affected version range from n/a through 24.07.02 indicates this vulnerability has existed for an extended period, suggesting that organizations running these versions face significant risk. The vulnerability's classification aligns with CWE-98, Improper Control of Filename for Include/Require Statement in PHP Program, and relates to ATT&CK technique T1190 for Exploit Public-Facing Application, making it a high-priority target for threat actors seeking to compromise web applications.

Organizations utilizing affected versions of the Nawawi Jamili Docket Cache should immediately implement mitigations to address this vulnerability. The primary defense mechanism involves implementing strict input validation and sanitization for all user-supplied parameters that influence file inclusion operations. This includes implementing whitelisting mechanisms that only permit known good filenames or using absolute path validation to prevent directory traversal attacks. Additionally, disabling the ability to pass remote URLs in include/require statements through PHP configuration settings such as allow_url_include = Off can significantly reduce the attack surface. Regular security audits and penetration testing should be conducted to identify similar vulnerabilities in other application components, while comprehensive monitoring should be implemented to detect potential exploitation attempts. The vulnerability also highlights the importance of keeping all third-party components updated and following secure coding practices that prevent such dangerous parameter handling patterns in future development cycles.
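The allow-list and absolute-path validation described above, as an added example that is not code from Docket Cache or from this advisory. The names ALLOWED_VIEWS and resolve_view, the view file names and the sample inputs are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: request value => file name inside the view directory.
const ALLOWED_VIEWS = [
    'overview' => 'overview.php',
    'config'   => 'config.php',
    'log'      => 'log.php',
];

/**
 * Map an untrusted view name to an includable path, or return null.
 * The request value is only used as an array key, never as part of a path.
 */
function resolve_view(string $baseDir, mixed $requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_VIEWS)) {
        return null; // not on the allow-list: traversal strings and URLs end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_VIEWS[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved absolute path must stay inside the base
    // directory, which also catches a symlink pointing elsewhere.
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Report the PHP setting named in the text; it should be off.
$urlInclude = filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
echo 'allow_url_include: ', $urlInclude ? 'On (disable it)' : 'Off', "\n";

// Constructed demo: a temporary view directory and constructed request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'views_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (ALLOWED_VIEWS as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php return 'ok';");
}
$samples = ['overview', '../../../../etc/passwd', 'http://example.invalid/x.txt', ['log']];
foreach ($samples as $input) {
    $path = resolve_view($dir, $input);
    $shown = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-34s => %s\n", $shown, $path === null ? 'rejected' : 'include ' . basename($path));
}
```

Only the first sample resolves to a file; the other three are rejected before any path is built.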

Responsible: Patchstack

Reservation: 04/16/2025

Disclosure: 04/17/2025

Moderation: accepted

CPE: ready

EPSS: 0.00576

KEV: no

Activities: very low
