CVE-2025-62045 in Theme Elements for WPBakery Plugin
Summary
by MITRE • 11/06/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 11/08/2025
The CVE-2025-62045 vulnerability represents a critical PHP Remote File Inclusion flaw that specifically impacts the CodexThemes TheGem Theme Elements plugin for WPBakery. This vulnerability stems from improper validation of filename parameters within include or require statements, creating a pathway for malicious actors to execute arbitrary code on affected systems. The issue exists in versions of the plugin ranging from the initial release through version 5.10.5.1, making it a persistent threat across multiple iterations of the software. The vulnerability's classification aligns with CWE-98, which describes improper control of filename for include or require statements, a well-documented weakness in web application security that has been exploited in numerous high-profile attacks.
The technical exploitation of this vulnerability occurs when the plugin fails to properly sanitize user input that is used in dynamic include or require operations. Attackers can manipulate parameters that control which files are included in the execution flow, potentially leading to remote code execution by referencing malicious files hosted on external servers. This flaw specifically affects how the plugin handles filename parameters in its PHP code, where user-supplied data directly influences the include statement without adequate validation or sanitization measures. The vulnerability creates a direct attack surface that allows threat actors to bypass normal access controls and execute unauthorized code within the context of the web server.
The operational impact of CVE-2025-62045 extends beyond simple code execution, as it can lead to complete system compromise and data breaches. When exploited successfully, attackers can gain administrative control over affected WordPress installations, potentially leading to unauthorized access to sensitive user data, modification of website content, or deployment of malware. The vulnerability's presence in the TheGem Theme Elements plugin means that any WordPress site utilizing this specific theme component is at risk, particularly when the plugin is not properly updated or patched. This makes the vulnerability particularly dangerous in environments where automated patch management is not implemented or where administrators are unaware of the specific plugin version in use.
Organizations affected by this vulnerability should immediately implement mitigations including updating to the latest version of the TheGem Theme Elements plugin where available, implementing input validation controls, and monitoring for suspicious file inclusion patterns in web server logs. Network segmentation and web application firewalls can provide additional layers of protection by blocking suspicious requests that attempt to exploit this vulnerability. The ATT&CK framework categorizes this type of vulnerability under T1190 - Exploit Public-Facing Application, as it represents an attack vector that targets publicly accessible web applications. Security teams should also consider implementing runtime application self-protection measures and conducting regular security assessments to identify similar vulnerabilities in other components of their web applications, as the underlying flaw in improper filename control is a common pattern in web application security breaches.