A high-severity vulnerability has been identified in multiple zozothemes Corpkit products, designated as CVE-2025-67925. This flaw allows an attacker to trick the application into including and executing unintended files from the server, potentially leading to sensitive information disclosure or complete system compromise. Organizations using the affected software are at significant risk of data breaches and unauthorized access.

The vulnerability is a Local File Inclusion (LFI) flaw resulting from an Improper Control of a Filename used in a PHP include or require statement. An unauthenticated remote attacker can manipulate input parameters, typically in a URL, to include path traversal sequences (e.g., ../../). This forces the application to read and process arbitrary files from the local server filesystem, granting the attacker access to sensitive data such as configuration files, application source code, or system files like /etc/passwd. If the attacker can combine this with a file upload capability or poison a log file, this LFI can be escalated to achieve Remote Code Execution (RCE).

With a CVSS score of 8.1, this vulnerability is rated as High severity. Successful exploitation could lead to significant business consequences, including the unauthorized disclosure of sensitive corporate data, customer information, or intellectual property. An attacker could leverage this access to escalate privileges, pivot to other internal systems, or, in a worst-case scenario, execute arbitrary code to take full control of the web server. Such an incident could result in severe reputational damage, regulatory fines, and operational disruption.

Immediate Action: The primary remediation is to apply the security updates provided by zozothemes to all affected products immediately. After patching, it is critical to review web server and application access logs for any signs of exploitation attempts that may have occurred prior to the patch.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes searching web server logs for suspicious requests containing directory traversal patterns (../, ..%2F) in URL parameters. Monitor for unusual outbound network traffic from the web server and look for unexpected PHP errors or file access errors in application logs, which could indicate failed exploitation attempts.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attack patterns. Additionally, ensure PHP configurations are hardened by disabling dangerous functions and enforcing strict input validation and sanitization on all user-supplied data used in file operations.

Public Exploit Available: false

Given the high severity (CVSS 8.1) and the potential for full system compromise, this vulnerability presents a significant risk to the organization. Although it is not currently listed on the CISA KEV list, its impact makes it a prime candidate for future exploitation. We strongly recommend that the vendor-supplied security updates be prioritized and applied to all affected systems as an urgent matter to prevent potential compromise.