A critical vulnerability has been discovered in the Cinerama WordPress theme by Edge-Themes, identified as CVE-2025-68987. This flaw allows an unauthenticated attacker to include and execute arbitrary files on the server, potentially leading to a complete system compromise. Due to its critical severity (CVSS 9.8) and the ease of exploitation, this vulnerability poses a significant and immediate risk to any organization using the affected theme.

The vulnerability is an Improper Control of a Filename for an Include/Require Statement, commonly known as a File Inclusion vulnerability. The Cinerama theme fails to properly sanitize user-supplied input that is used as a path in a PHP include or require function. An unauthenticated remote attacker can craft a special request to a vulnerable component of the theme, forcing the application to include and execute a malicious PHP file from either a local path on the server (Local File Inclusion - LFI) or a remote, attacker-controlled server (Remote File Inclusion - RFI). Successful exploitation results in arbitrary code execution with the permissions of the web server process.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected web server. The potential business impact is severe and includes, but is not limited to, theft of sensitive data (customer information, payment details, intellectual property), website defacement, deployment of ransomware, or using the compromised server as a pivot point for further attacks against the internal network. Such an incident could result in significant financial loss, regulatory fines, and severe reputational damage.

Immediate Action: Immediately update the Edge-Themes Cinerama theme to the latest version available from the vendor, which is confirmed to be later than version 2.4. After patching, it is crucial to monitor for any signs of post-exploitation activity and thoroughly review web server access logs for indicators of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Security teams should actively monitor web server logs for requests containing common file inclusion patterns such as ../, ..\\, php://input, http://, or https:// in URL parameters. Monitor for unexpected outbound network connections from the web server, which could indicate a reverse shell. Additionally, monitor for the creation of suspicious files (e.g., PHP web shells) in web-accessible directories.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block file inclusion attack patterns.
• Harden the server's PHP configuration by disabling allow_url_fopen and allow_url_include to prevent Remote File Inclusion (RFI) attacks.
• Enforce the principle of least privilege by running the web server with minimal necessary permissions and restricting write access to web directories.

Public Exploit Available: true

Due to the critical CVSS score of 9.8 and the availability of public exploit code, this vulnerability requires immediate attention. All organizations using the Cinerama WordPress theme must prioritize applying the vendor-supplied patch without delay. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its characteristics make it a prime candidate for future inclusion. Treat this vulnerability as an active threat and assume that unpatched systems will be compromised.