CVE-2025-58933 in Anubis Plugininfo

Summary

by MITRE • 12/18/2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion. This issue affects Anubis: from n/a through <= 1.25.


Analysis

by VulDB Data Team • 12/18/2025

The CVE-2025-58933 vulnerability represents a critical PHP Remote File Inclusion flaw within the axiomthemes Anubis theme, specifically affecting versions up to and including 1.25. This vulnerability stems from improper control of filename parameters in include or require statements, creating a pathway for attackers to execute arbitrary code through malicious file inclusion. The issue manifests when the application fails to properly validate or sanitize user-supplied input that is used in PHP include/require operations, allowing remote attackers to manipulate the file inclusion mechanism and potentially load malicious code from external servers or local files.

This vulnerability directly maps to CWE-88, which describes improper control of filename for include or require statements in PHP programs, and aligns with ATT&CK technique T1190 for exploiting vulnerabilities in web applications. The flaw enables attackers to leverage local file inclusion (LFI) techniques by manipulating parameters that are passed to PHP's include or require functions, potentially leading to remote code execution or data exposure. When an attacker successfully exploits this vulnerability, they can execute arbitrary PHP code on the target server, potentially gaining full administrative control over the affected WordPress installation.

The operational impact of this vulnerability is severe as it allows attackers to execute malicious code remotely without authentication, potentially leading to complete compromise of the affected web application. Attackers can leverage this vulnerability to upload backdoors, steal sensitive data, modify website content, or use the compromised server as a launchpad for further attacks within the network. The vulnerability affects WordPress sites using the Anubis theme, making it particularly dangerous as it targets a widely used theme with potential for mass exploitation. The lack of proper input validation in the include/require statements creates a persistent attack surface that can be exploited by automated scanning tools and manual attackers alike.

Mitigation for CVE-2025-58933 should start with updating the Anubis theme to version 1.26 or later, which contains the security fix. Beyond patching, every user-supplied parameter that reaches an include or require statement should be validated against a fixed set of predetermined, trusted files rather than used to build a path. A web application firewall should be configured to detect and block suspicious include/require parameter patterns. Restricting the directories from which files may be included and resolving them to absolute paths inside that directory, rather than accepting relative paths, applies least privilege to the inclusion mechanism and shrinks the attack surface. Regular security audits and vulnerability assessments should look for the same pattern in other components of the web application stack, and monitoring should be in place to detect exploitation attempts. Finally, remote file inclusion through PHP functions should be disabled outright (allow_url_include), since legitimate application functionality should never depend on it.
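To make the mitigation concrete, the following is an added example and not code from the Anubis theme or from Patchstack: a generic theme-style template loader written the way the advisory describes the defect (untrusted input concatenated into an include path) next to a hardened version that maps the input to an allowlist of known files, confirms the resolved path stays inside the template directory, and checks that remote inclusion is disabled. The parameter name `template`, the `templates/` directory and the file names in the allowlist are assumptions chosen for illustration.

```php
<?php
// Added example (not the Anubis theme's code). The "template" parameter,
// the templates/ directory and the allowlist entries are assumptions.
declare(strict_types=1);

// --- Defective pattern: user input reaches include() unchecked ------------
// A "../" traversal value, or a URL when allow_url_include is on, would be
// followed here. This is the defect class CVE-2025-58933 is assigned to.
function load_template_unsafe(string $userValue): void
{
    include __DIR__ . '/templates/' . $userValue . '.php';
}

// --- Hardened pattern: untrusted input selects from a fixed file set ------
const TEMPLATE_ALLOWLIST = [
    'default' => 'default.php',
    'sidebar' => 'sidebar.php',
    'footer'  => 'footer.php',
];

/**
 * Returns the absolute path of an allowlisted template, or null if the
 * request does not name one. The raw value is never used to build a path.
 */
function resolve_template(string $userValue): ?string
{
    // 1. Exact match against the allowlist keys; anything else is rejected.
    if (!array_key_exists($userValue, TEMPLATE_ALLOWLIST)) {
        return null;
    }

    // 2. Defence in depth: resolve symlinks and confirm the final path is
    //    still inside the templates directory.
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . TEMPLATE_ALLOWLIST[$userValue]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function load_template_safe(string $userValue): void
{
    $path = resolve_template($userValue);
    if ($path === null) {
        http_response_code(400);
        exit('Unknown template');
    }
    include $path;   // absolute, allowlisted path only
}

// 3. Remote inclusion must be impossible regardless of application code:
//    allow_url_include should be Off in php.ini. Log loudly if it is not.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    error_log('allow_url_include is enabled; disable it in php.ini');
}

// Usage (assumed request shape):
// load_template_safe($_GET['template'] ?? 'default');
```

The key property is that the request value is only ever an array key, so traversal sequences, null bytes and URLs have nothing to act on; the `realpath` prefix check and the `allow_url_include` check are independent layers that still hold if someone later edits the allowlist carelessly.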

Responsible

Patchstack

Reservation

09/06/2025

Disclosure

12/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00110

KEV

no

Activities

very low

Sources
