CVE-2025-50003 in Amuli Plugin
Summary
by MITRE • 01/22/2026
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion. This issue affects Amuli: from n/a through <= 2.3.0.
Analysis
by VulDB Data Team • 01/24/2026
The vulnerability identified as CVE-2025-50003 represents a critical PHP Remote File Inclusion flaw within the axiomthemes Amuli amuli theme, specifically impacting versions through 2.3.0. This vulnerability stems from improper control of filename parameters in include or require statements, creating a pathway for malicious actors to execute arbitrary code through file inclusion mechanisms. The flaw manifests when user-supplied input is directly incorporated into PHP include directives without adequate sanitization or validation, allowing attackers to manipulate the file inclusion process and potentially load malicious code from remote servers or local system files.
The technical implementation of this vulnerability involves the theme's failure to properly validate or sanitize input parameters that are subsequently used in PHP include/require functions. When an attacker can control the filename parameter passed to these functions, they can specify arbitrary file paths or URLs, enabling local file inclusion attacks that can lead to complete system compromise. This type of vulnerability falls under CWE-88, which specifically addresses improper control of filename for include or require statements, and aligns with the broader category of CWE-94, which encompasses arbitrary code execution through insecure deserialization or inclusion mechanisms. The ATT&CK framework categorizes this under T1190 - Exploit Public-Facing Application, as it represents an attack vector through web application interfaces.
The operational impact of this vulnerability extends beyond simple code execution, as it can enable attackers to escalate privileges, access sensitive data, and potentially establish persistent backdoors within affected systems. The remote file inclusion capability allows attackers to leverage malicious files hosted on external servers, making detection and mitigation more challenging. Additionally, the vulnerability can be exploited to access system files, database credentials, and other sensitive information stored within the application's environment. This flaw particularly affects WordPress installations using the Amuli theme, where attackers can manipulate theme parameters to include malicious files, potentially leading to full system compromise and data breaches.
Mitigation strategies should focus on immediate patching of affected versions, implementing strict input validation for all user-supplied parameters, and employing secure coding practices that prevent direct inclusion of user-controllable variables. Organizations should also implement web application firewalls to detect and block suspicious include requests, conduct regular security audits of theme and plugin code, and establish proper file access controls to limit the impact of potential exploitation. The recommended approach includes updating to the latest version of the Amuli theme, implementing proper parameter sanitization, and applying the principle of least privilege to file inclusion operations. Additionally, security monitoring should be enhanced to detect unusual file access patterns and potential exploitation attempts targeting this specific vulnerability class.
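The input-validation mitigation described above, as an added PHP example (not code from the Amuli theme, MITRE or VulDB): a request-supplied name is matched against a fixed allowlist and the resolved path is confirmed to stay inside the template directory before it is ever passed to `include`. The `layout` parameter, the allowlist entries and `resolve_layout()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern of this bug class (hypothetical, not Amuli's code):
//   include $themeDir . '/' . $_GET['layout'] . '.php';
// Nothing constrains 'layout', so the request chooses the file PHP runs.

// Constructed allowlist: the only layouts this hypothetical theme ships.
const ALLOWED_LAYOUTS = ['grid', 'list', 'masonry'];

/**
 * Map a request-supplied layout name to a file inside $baseDir.
 * Returns the absolute path to include, or null if the name is rejected.
 */
function resolve_layout(string $baseDir, string $requested): ?string
{
    // 1. Exact allowlist match: separators, wrappers and dots never pass.
    if (!in_array($requested, ALLOWED_LAYOUTS, true)) {
        return null;
    }
    // 2. Canonicalise and confirm the result is still under the base
    //    directory (guards against symlinks and allowlist mistakes).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // base missing, or allowlisted name has no file on disk
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Demo with a throwaway directory and constructed inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'layouts_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'grid.php', "<?php echo 'grid layout';\n");

$samples = ['grid', 'list', '../../wp-config', 'php://filter/resource=grid',
            'https://example.invalid/remote'];
foreach ($samples as $name) {
    $path = resolve_layout($dir, $name);
    printf("%-32s %s\n", $name, $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'grid.php');
rmdir($dir);
```

Only `grid` resolves to a path; `list` is allowlisted but has no file in the demo directory, so the `realpath()` check rejects it along with the traversal, wrapper and URL inputs.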