A high-severity vulnerability has been identified in multiple axiomthemes Hygia products, tracked as CVE-2025-53453. This flaw allows an unauthenticated attacker to read sensitive files on the web server, potentially exposing confidential data such as database credentials, user information, and system configuration files. Immediate patching is required to prevent potential data breaches and system compromise.

The vulnerability is a PHP Local File Inclusion (LFI) due to an improper control of filenames used in include or require statements. An attacker can exploit this by manipulating an input parameter, likely in the URL, to include directory traversal sequences (e.g., ../). This forces the application to load and potentially display the contents of arbitrary files from the server's local filesystem, limited only by the web server process's file permissions.

This vulnerability is rated as High severity with a CVSS score of 8.2. Successful exploitation could lead to a significant data breach by allowing an attacker to access sensitive information, such as database credentials from configuration files (e.g., wp-config.php), system user lists (/etc/passwd), or proprietary application source code. The compromise of this data could result in further system compromise, financial loss, regulatory fines, and severe reputational damage to the organization.

Immediate Action: All system administrators should apply the security updates provided by axiomthemes to all affected products immediately. After patching, review web server access logs for any signs of exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Monitor web server and WAF logs for GET or POST requests containing directory traversal payloads (e.g., ../, ..%2f) in URL parameters. Scrutinize requests attempting to access common sensitive files like /etc/passwd, wp-config.php, or local Windows paths. An increase in HTTP 4xx or 5xx error codes could also indicate failed exploitation attempts.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block directory traversal and local file inclusion attack patterns. Additionally, ensure the web server process runs with the lowest possible privileges and enforce strict file permissions to limit its access to sensitive system and configuration files.

Public Exploit Available: false

Given the high CVSS score of 8.2 and the potential for a severe data breach, this vulnerability requires immediate attention. Organizations must prioritize the deployment of the vendor-supplied patch across all affected systems. Although this vulnerability is not currently on the CISA KEV list, its severity warrants treating it with the highest priority. Implement the recommended monitoring and compensating controls to reduce risk while the patching process is underway.