A high-severity vulnerability has been identified in multiple ThemeUniver Glamer products, assigned CVE-2025-53216. This flaw allows a remote attacker to read sensitive files on the server by manipulating file inclusion functions. Successful exploitation could lead to the exposure of confidential data, system credentials, and application source code, potentially enabling further system compromise.

This vulnerability is a Local File Inclusion (LFI) flaw resulting from the improper sanitization of user-supplied input used in PHP include or require statements. An unauthenticated remote attacker can exploit this by crafting a malicious request that includes directory traversal sequences (e.g., ../). This tricks the application into including and rendering arbitrary files from the server's local filesystem, granting the attacker read access to any file that the web server process has permissions to access.

This is a high-severity vulnerability with a CVSS score of 8.1. Exploitation could have a significant business impact, including the breach of sensitive data such as customer information, database credentials, API keys, and other configuration secrets. This exposure can lead to regulatory fines, reputational damage, and a loss of customer trust. Furthermore, information gathered through this vulnerability could serve as a foothold for attackers to escalate privileges or conduct more complex attacks against the organization's infrastructure.

Immediate Action:

• Immediately apply the security updates provided by ThemeUniver to all affected products.
• After patching, verify that the updates have been successfully installed and the vulnerability is remediated.

Proactive Monitoring:

• Review historical and current web server access logs for patterns indicative of LFI exploitation attempts. Look for requests containing directory traversal sequences like ../, ..%2f, or ..%c0%af in URL parameters.
• Monitor for attempts to access common sensitive files, such as /etc/passwd, wp-config.php, .env, or local application configuration files.
• Implement alerting for a high volume of 404 Not Found or 500 Internal Server Error responses, which may indicate scanning or exploitation attempts.

Compensating Controls:

• If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attack patterns.
• Harden PHP configurations by ensuring allow_url_include is disabled and implementing a restrictive open_basedir path to limit the directories from which PHP can read files.
• Ensure the web server process runs with the lowest possible privileges to limit the scope of files an attacker can access if the vulnerability is exploited.

Public Exploit Available: false

Given the high severity (CVSS 8.1) of this vulnerability and its potential for exposing critical data, immediate action is required. While this vulnerability is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, its impact warrants urgent attention. Organizations using the affected ThemeUniver Glamer products are strongly advised to prioritize the application of vendor-supplied security patches to mitigate the risk of data exposure and potential system compromise.