A high-severity vulnerability has been identified in multiple BuddyDev MediaPress products, tracked as CVE-2025-58608. This flaw allows an unauthenticated attacker to trick the application into including and executing local files on the server, which could lead to sensitive information disclosure or a full system compromise. Organizations using the affected software are at significant risk of data breaches and server takeover.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from an "Improper Control of Filename for Include/Require Statement in PHP Program." The application uses user-supplied input to construct a file path for a PHP include() or require() function without proper sanitization. An attacker can manipulate this input using directory traversal sequences (e.g., ../) to force the application to include arbitrary files from the server's local filesystem. This could allow the attacker to read sensitive configuration files (such as wp-config.php containing database credentials) or, if combined with a file upload capability, achieve remote code execution by tricking the server into executing a malicious uploaded file.

This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation could have a severe impact on the business, leading to the compromise of sensitive data, including customer information, intellectual property, and system credentials. The ability to read server files can lead to a complete breach of confidentiality and integrity. If an attacker leverages this vulnerability to achieve remote code execution, they could gain full control of the affected server, disrupting business operations, defacing the website, or using the server to launch further attacks against the internal network.

Immediate Action: The primary and most effective remediation is to apply the security patches provided by the vendor across all affected systems immediately. After patching, it is crucial to monitor system and application logs for any signs of attempted or successful exploitation that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should actively monitor web server access logs for suspicious patterns indicative of LFI attacks. This includes requests containing directory traversal sequences (../), references to sensitive system files (e.g., /etc/passwd, wp-config.php), and requests that result in PHP errors related to include() or require() functions. Network monitoring should also be configured to detect unusual outbound connections from the web server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attack patterns. Additionally, ensure the web server process runs with the least privilege necessary and restrict its read access to files outside of the web root directory to limit the impact of a potential breach.

Public Exploit Available: false

Given the high severity (CVSS 7.5) of this vulnerability and its potential for complete server compromise, we strongly recommend that organizations prioritize the immediate application of vendor-supplied security updates. Although there is no evidence of active exploitation at this time, the risk of future attacks is significant. All remediation and monitoring steps outlined in this report should be implemented without delay to protect against potential data breaches and system takeovers.