A high-severity vulnerability has been identified in multiple axiomthemes Algenix products, tracked as CVE-2025-58803. This flaw, a PHP Local File Inclusion (LFI), could allow an unauthenticated remote attacker to include and execute arbitrary files on the server, potentially leading to sensitive information disclosure or complete system compromise. Organizations using the affected software are urged to apply vendor-supplied patches immediately to mitigate significant security risks.

The vulnerability is a PHP Local File Inclusion (LFI) resulting from an "Improper Control of Filename for Include/Require Statement in PHP Program." An attacker can exploit this by manipulating an input parameter that the application uses to build a file path for an include() or require() statement. By crafting a malicious request containing path traversal sequences (e.g., ../../), an attacker can trick the application into including and executing a local file on the server's filesystem, outside of the intended directory. This could be used to read sensitive configuration files containing database credentials, system files like /etc/passwd, or, in some scenarios, achieve remote code execution if combined with a file upload capability.

With a CVSS score of 8.2, this vulnerability is rated as High severity. Successful exploitation could have a significant business impact, including unauthorized access to sensitive company data, customer information, and intellectual property stored on the server. An attacker could potentially escalate privileges and gain full control of the affected web server, leading to service disruption, reputational damage, and financial loss. The exposure of internal credentials could also enable an attacker to pivot to other systems within the corporate network, expanding the scope of the breach.

Immediate Action: Apply the security updates provided by axiomthemes immediately to all affected systems. After patching, it is crucial to monitor for any signs of exploitation attempts that may have occurred prior to remediation by thoroughly reviewing web server and application access logs.

Proactive Monitoring: Security teams should actively monitor web server access logs for suspicious requests containing path traversal characters (e.g., ../, ..%2f, ..\\) in URL parameters. Monitor for unusual PHP error messages in application logs that could indicate failed file inclusion attempts. System-level monitoring should be configured to alert on unexpected process execution by the web server user (e.g., www-data, apache).

Compensating Controls: If patching cannot be immediately deployed, implement the following compensating controls:

• Utilize a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal and file inclusion attacks.
• Harden the server's PHP configuration by disabling allow_url_include and restricting file access to necessary directories using the open_basedir directive.
• Ensure the web server process runs with the lowest possible privileges to limit the impact of a potential compromise.

Public Exploit Available: false

Given the high severity (CVSS 8.2) and the potential for complete server compromise, this vulnerability poses a significant risk to the organization. We strongly recommend that the vendor-provided security patches for axiomthemes Algenix products be treated as a critical priority and applied immediately across all affected assets. While this CVE is not yet on the CISA KEV list, its high-impact nature warrants urgent action. In parallel with patching, organizations should implement the recommended proactive monitoring and compensating controls to enhance their defensive posture against potential exploitation attempts.