A high-severity vulnerability has been discovered in multiple products from the vendor Improper. This flaw, identified as CVE-2025-60197, could allow an unauthenticated remote attacker to read sensitive files on the server, potentially exposing confidential data like system credentials, configuration files, and user information. Immediate application of vendor-provided security updates is necessary to mitigate the risk of data compromise and further system intrusion.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from the improper sanitization of user-supplied input used in PHP include or require statements. An unauthenticated remote attacker can manipulate a file path parameter in a request to the affected application. By using directory traversal sequences (e.g., ../), the attacker can trick the application into including and displaying the contents of arbitrary files from the server's local file system that are readable by the web server process.

This vulnerability is rated as High severity with a CVSS score of 8.2. Successful exploitation could lead to significant data breaches by exposing sensitive information stored on the server, including application source code, database credentials, API keys, and system configuration files like /etc/passwd. The theft of such information could result in regulatory penalties, financial loss, reputational damage, and could serve as a foothold for attackers to escalate privileges and conduct more severe attacks against the organization's internal network.

Immediate Action: Apply vendor security updates immediately. System administrators should prioritize the deployment of the patches released by the vendor across all affected systems to eliminate the vulnerability. After patching, review web server access logs for any evidence of exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Security teams should actively monitor web server logs for HTTP requests containing directory traversal patterns (e.g., ../, %2e%2e/) in URL parameters. Implement alerts for unusual file access attempts by the web server's user account. Network monitoring should be in place to detect any anomalous outbound traffic from affected servers, which could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with rules specifically configured to detect and block LFI and directory traversal attack patterns.
• Enforce the principle of least privilege by hardening file system permissions to ensure the web server process can only access files within the web root directory.
• If possible, disable dangerous PHP functions and ensure secure configurations are in place.

Public Exploit Available: false

Given the High severity (CVSS 8.2) of this vulnerability and its potential to cause a significant data breach, we recommend immediate and decisive action. Organizations must prioritize the application of the vendor-supplied security patches to all affected systems. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical nature warrants treatment as a high-priority threat. Proactive monitoring and the implementation of compensating controls should be pursued to provide a defense-in-depth security posture.