A high-severity vulnerability has been identified in multiple axiomthemes Alright products, allowing an attacker to trick the server into including and potentially executing unintended local files. Successful exploitation could lead to sensitive information disclosure, such as reading configuration files, or a complete compromise of the web server. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of the affected application and its underlying server.

The vulnerability is a Local File Inclusion (LFI) flaw rooted in the improper validation of user-supplied input used in PHP include or require statements. An unauthenticated remote attacker can manipulate a parameter in a web request to specify a path to an arbitrary file on the server's local file system. By using directory traversal sequences (e.g., ../../), the attacker can break out of the intended directory and force the application to include and render the contents of sensitive files, such as /etc/passwd or application configuration files containing database credentials. In some scenarios, if the attacker can also upload a file or poison a log file with malicious PHP code, this LFI can be escalated to remote code execution.

This is a High severity vulnerability with a CVSS score of 8.2. Exploitation could have severe consequences for the business, including the breach of sensitive corporate or customer data stored on the server. An attacker could read database credentials, API keys, and other secrets from configuration files, leading to further system compromise and lateral movement within the network. A successful remote code execution attack would grant the adversary full control over the web server, enabling them to deface the website, install malware or ransomware, or use the server as a pivot point for attacking other internal systems, resulting in significant financial and reputational damage.

Immediate Action: Organizations must apply the security updates provided by axiomthemes to all affected products immediately. Before and after patching, system administrators should review web server and application access logs for any evidence of exploitation attempts, such as requests containing directory traversal patterns.

Proactive Monitoring: Monitor web server access logs for suspicious requests containing directory traversal sequences like ../, ..%2f, or absolute file paths in URL parameters. Implement file integrity monitoring on critical system and application files to detect unauthorized changes. Network monitoring should be configured to alert on unusual outbound connections from the web server, which could indicate a successful compromise.

Compensating Controls: If patching is not immediately feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attacks. Additionally, harden the server's PHP configuration by ensuring allow_url_include is disabled and by using the open_basedir directive to restrict the file paths that PHP can access.

Public Exploit Available: false

Given the High severity (CVSS 8.2) of this vulnerability and its potential to enable full server compromise, immediate remediation is strongly recommended. Although CVE-2025-58893 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, file inclusion flaws are a common target for opportunistic attackers due to their high impact and ease of exploitation. All organizations using affected axiomthemes products should prioritize applying the vendor-supplied patches to their systems without delay to mitigate the risk of a security breach.