A high-severity vulnerability exists in beeteam368 VidMov, identified as CVE-2025-25172, with a CVSS score of 8.1. This flaw allows an attacker to trick the application into including and executing unintended files from the local server, a technique known as Local File Inclusion (LFI). Successful exploitation could lead to unauthorized information disclosure, execution of arbitrary code, and potential full system compromise.

The vulnerability is an Improper Control of a Filename for an Include/Require Statement in the application's PHP code. An attacker can exploit this by crafting a malicious request that manipulates a parameter used in a PHP include or require function. This manipulation tricks the application into including a file from the local filesystem that the attacker specifies, rather than the intended file. This could allow an attacker to read sensitive files (e.g., configuration files containing credentials, system files like /etc/passwd) or, if they can control the content of an included file (e.g., by poisoning a log file), achieve arbitrary code execution in the context of the web server.

This vulnerability is rated as High severity with a CVSS score of 8.1. Exploitation poses a significant risk to the confidentiality, integrity, and availability of the affected application and underlying server. Potential consequences include the theft of sensitive corporate or customer data, unauthorized modification of system files, and full server compromise. A successful attack could lead to reputational damage, financial loss, and regulatory penalties depending on the data exposed.

Immediate Action: Apply vendor-supplied security updates for beeteam368 VidMov immediately to patch the vulnerability. After patching, monitor systems for any signs of post-remediation exploitation attempts and thoroughly review historical access logs for indicators of compromise that may have occurred prior to patching.

Proactive Monitoring: System administrators should actively monitor web server access logs for suspicious requests. Look for patterns indicative of LFI attacks, such as directory traversal sequences (../, ..%2f), absolute file paths in request parameters, and attempts to access common sensitive files. Monitor for unusual process execution or file access activity by the web server's user account.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rulesets configured to detect and block LFI and directory traversal attack patterns.
• Harden the server's PHP configuration by ensuring allow_url_include is disabled and restricting file access to necessary directories using the open_basedir directive.
• Enforce the principle of least privilege by ensuring the web server process runs with the minimum permissions necessary for its operation.

Public Exploit Available: false

Given the high CVSS score of 8.1 and the critical impact of a successful Local File Inclusion attack, we strongly recommend that organizations prioritize the immediate application of the vendor's security patches. Although this CVE is not currently on the CISA KEV list and public exploits are not yet available, the risk of exploitation is significant. If patching is delayed, the implementation of a WAF and proactive monitoring are critical to mitigate the immediate threat.