CVE-2025-58932 in Prisma Plugin
Summary
by MITRE • 12/18/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects Prisma: from n/a through <= 1.10.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 12/18/2025
The CVE-2025-58932 vulnerability represents a critical PHP Remote File Inclusion flaw in the axiomthemes Prisma theme, specifically impacting versions prior to 1.10. This vulnerability stems from improper control of filename parameters in include/require statements, creating a pathway for malicious actors to execute arbitrary code on affected systems. The flaw manifests when user-supplied input is directly incorporated into PHP include or require directives without adequate sanitization or validation, allowing attackers to manipulate the file inclusion process.
The technical implementation of this vulnerability occurs within the theme's codebase where filename parameters are accepted from external sources and passed directly to PHP's include or require functions. This pattern violates fundamental security principles and creates an environment where attackers can specify arbitrary file paths, potentially leading to local file inclusion attacks. The vulnerability falls under CWE-98, which specifically addresses the improper control of filename for include or require statements, making it a direct implementation of this well-known weakness category. When exploited, this flaw enables attackers to include local files from the server filesystem, potentially allowing them to execute malicious code, read sensitive files, or establish persistent access to the compromised system.
The operational impact of this vulnerability extends beyond simple code execution, as it can lead to complete system compromise when combined with other attack vectors. Attackers can leverage this vulnerability to access sensitive configuration files, database credentials, or other critical system information stored locally on the server. The attack surface is particularly concerning given that this vulnerability affects a widely used WordPress theme, potentially exposing thousands of websites to remote code execution. The vulnerability's classification under ATT&CK technique T1190, "Exploit Public-Facing Application," highlights its relevance in the context of web application exploitation, while the use of local file inclusion techniques aligns with T1059.007, "Command and Scripting Interpreter: Unix Shell," when attackers attempt to execute system commands through the compromised PHP environment.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security hardening. The primary solution involves upgrading to Prisma version 1.10 or later, where the vulnerability has been patched through proper input validation and sanitization of filename parameters. Security practitioners should implement strict input validation measures that prevent malicious filenames from being processed, including whitelisting acceptable file paths and implementing proper parameter sanitization routines. Additionally, organizations should consider implementing web application firewalls to detect and block suspicious include/require parameter patterns, while also conducting regular security audits to identify similar vulnerabilities in other components of their web applications. The remediation process should include comprehensive testing to ensure that the patch does not introduce regressions in functionality while maintaining the security posture of the affected systems.