CVE-2025-49941 in GlamChic Plugin
Summary
by MITRE • 12/18/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion. This issue affects GlamChic: from n/a through <= 1.0.11.
Analysis
by VulDB Data Team • 12/18/2025
CVE-2025-49941 is a critical PHP file inclusion flaw in the AncoraThemes GlamChic theme: it is classified as PHP Remote File Inclusion, and in practice allows PHP Local File Inclusion, because an attacker can control the filename passed to include/require statements. The root cause is missing validation and sanitization of a filename parameter before it is used in a PHP include operation. The flaw exists in GlamChic version 1.0.11 and earlier, so every installation in that range is affected. By controlling the filename passed to include/require, a remote attacker can cause the server to execute PHP code it was never meant to run, bypassing the theme's normal file access controls and potentially leading to complete system compromise.
Technically, the theme fails to validate or sanitize user-supplied input before using it in a dynamic include statement. When an attacker supplies a crafted filename parameter, the PHP interpreter resolves and includes that path without adequate restriction, which allows execution of arbitrary code from local files on the server or, depending on the PHP configuration, from remote locations. This maps directly to CWE-98, which covers improper control of the filename used in a PHP include/require statement. The vulnerability lives at the application layer and is reachable through HTTP parameters, which makes it particularly dangerous in web environments where user input is routinely accepted.
The operational impact goes beyond a single code execution, because the flaw gives attackers a way to establish persistent access to affected systems. Successful exploitation can lead to full system compromise, data theft, and the installation of backdoors or additional malware. Attackers can use it to upload malicious files, execute commands on the server, and potentially escalate privileges to gain administrative control of the hosting environment. Because the attack is remote, exploitation requires no physical access, which makes publicly reachable web applications especially exposed. This aligns with ATT&CK technique T1505.003 (Server Software Component: Web Shell), the persistence mechanism typically planted through file inclusion attacks.
Mitigation for CVE-2025-49941 should prioritize updating the GlamChic theme to version 1.0.12 or later, which contains the security fix. Organizations should also implement proper input validation and sanitization so that untrusted filenames never reach include operations. The recommended approach is to disable the ability to include external URLs, enforce strict parameter validation, and use an allowlist of acceptable file paths rather than trying to filter bad ones. Administrators should additionally consider a web application firewall to detect and block suspicious include parameters, and audit all installed themes and plugins for the same pattern. Regular security monitoring and vulnerability scanning should be in place to detect exploitation attempts and to keep every component current with the latest security patches.
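The mitigation above (strict parameter validation plus an allowlist of file paths) is easier to see in code. The following is an added example written for this page, not GlamChic's code; the parameter name `template`, the template filenames and the directory layout are all assumptions, since the page does not name the vulnerable parameter. It shows the CWE-98 pattern the advisory describes beside an allowlist-based replacement.

```php
<?php
// Added example, not GlamChic's code. The request parameter name "template"
// and the template filenames are hypothetical.

// --- Vulnerable pattern (CWE-98): the request value becomes the include path ---
function render_template_vulnerable(array $request, string $templateDir): void
{
    $name = $request['template'] ?? 'default';
    // Nothing constrains $name: traversal sequences reach files outside the
    // template directory, and with allow_url_include=On a URL would be fetched.
    include $templateDir . '/' . $name . '.php';
}

// --- Hardened pattern: map the request value onto a fixed allowlist ---
const TEMPLATE_ALLOWLIST = [
    'default' => 'default.php',
    'gallery' => 'gallery.php',
    'contact' => 'contact.php',
];

/**
 * Returns the absolute path of an allowlisted template, or null when the
 * request value is not one of the known keys or resolves outside $templateDir.
 */
function resolve_template(string $requested, string $templateDir): ?string
{
    if (!array_key_exists($requested, TEMPLATE_ALLOWLIST)) {
        return null; // anything not explicitly listed is rejected
    }
    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . TEMPLATE_ALLOWLIST[$requested]);
    // Defence in depth: even an allowlisted entry must resolve inside $templateDir
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function render_template_hardened(array $request, string $templateDir): void
{
    $path = resolve_template((string)($request['template'] ?? 'default'), $templateDir);
    if ($path === null) {
        http_response_code(400);
        echo 'Unknown template';
        return;
    }
    include $path;
}

// Stand-alone demonstration with constructed template files in a temp directory.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
    mkdir($dir);
    foreach (TEMPLATE_ALLOWLIST as $file) {
        file_put_contents("$dir/$file", "<?php echo 'rendered $file', PHP_EOL;");
    }

    $inputs = ['gallery', '../../../../etc/passwd', 'php://filter/resource=x', 'admin'];
    foreach ($inputs as $input) {
        $resolved = resolve_template($input, $dir);
        printf("%-32s -> %s\n", $input, $resolved === null ? 'REJECTED' : basename($resolved));
    }
    // Only the allowlisted key is ever included.
    render_template_hardened(['template' => 'gallery'], $dir);

    foreach (TEMPLATE_ALLOWLIST as $file) {
        unlink("$dir/$file");
    }
    rmdir($dir);
}
```

Two points the code makes concrete: the hardened version never concatenates the request value into a path at all, it only uses it as a lookup key, so the shape of the input is irrelevant; and the `realpath` containment check protects against a future maintainer adding an allowlist entry that points outside the directory. Setting `allow_url_include=Off` in php.ini (the default in current PHP releases) is the configuration-level counterpart to the "disable external URLs" advice above, but it does nothing against local file inclusion, which is why the allowlist is the primary control.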