A high-severity vulnerability has been identified in multiple AndonDesign UDesign products, assigned CVE-2025-63062. This flaw allows an attacker to include and execute unintended files on the server, potentially leading to the disclosure of sensitive information or a full system compromise. Organizations using the affected software are at significant risk of data breaches and unauthorized access until the recommended security updates are applied.

The vulnerability is a Local File Inclusion (LFI) flaw within the UDesign Core component. It exists because the application fails to properly sanitize user-supplied input used in PHP include or require statements. An unauthenticated remote attacker can exploit this by crafting a special request that manipulates a file path, tricking the application into including and processing arbitrary files from the local server's filesystem. This could allow an attacker to read sensitive configuration files (e.g., database credentials), system files (e.g., /etc/passwd), or, if combined with a file upload capability, achieve remote code execution.

This vulnerability is rated as high severity with a CVSS score of 7.6. Successful exploitation could have a severe impact on the business, leading to a significant data breach through the theft of sensitive company, employee, or customer information. If the vulnerability is escalated to achieve remote code execution, an attacker could gain complete control over the affected web server, enabling them to install malware, pivot to other internal systems, or disrupt critical business operations. The resulting financial loss, reputational damage, and regulatory penalties could be substantial.

Immediate Action: The primary remediation is to apply the security updates provided by AndonDesign immediately across all affected systems. After patching, it is crucial to review web server access logs and system logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for exploitation attempts. In web server access logs, look for suspicious requests containing directory traversal patterns (e.g., ../, %2e%2e/) or attempts to access common sensitive files (e.g., wp-config.php, .env, /etc/passwd). Monitor for unusual outbound network connections from the web server, which could indicate a successful compromise. File Integrity Monitoring (FIM) should be used to detect unexpected changes to files within the web application directory.

Compensating Controls: If immediate patching is not feasible, the following compensating controls can reduce the risk:

• Web Application Firewall (WAF): Implement a WAF with rulesets designed to detect and block LFI and directory traversal attack patterns.
• PHP Hardening: Ensure the PHP configuration (php.ini) is hardened by setting allow_url_include to Off and configuring open_basedir to strictly limit the directories from which PHP can access files.
• File Permissions: Apply the principle of least privilege to the web server's file system. The web server user account should not have permission to read sensitive files outside of the web root directory.

Public Exploit Available: false

Given the high CVSS score of 7.6 and the potential for complete system compromise, this vulnerability requires immediate attention. All organizations using AndonDesign UDesign products must prioritize the deployment of the vendor-provided security patches. The risk of sensitive data exposure and remote code execution is significant. While not yet listed in the CISA KEV catalog, the ease of exploitation for this type of flaw means that organizations should assume they are a target and act decisively to mitigate this threat.