CVE-2025-69080

JanStudio · JanStudio Gecko Multiple Products

A high-severity vulnerability has been discovered in multiple JanStudio Gecko products.

Executive summary

A high-severity vulnerability has been discovered in multiple JanStudio Gecko products. This flaw, identified as a Local File Inclusion, allows an unauthenticated attacker to trick the application into executing or revealing the contents of sensitive files on the server, potentially leading to a full system compromise, data theft, and service disruption.

Vulnerability

The vulnerability is a PHP Local File Inclusion (LFI) resulting from improper sanitization of user-supplied input. An attacker can manipulate a parameter in a web request to include path traversal sequences (e.g., ../). The vulnerable application then passes this input to a PHP include or require statement, causing the server to load and process a file from an arbitrary location on the local filesystem. This can be exploited to read sensitive files, such as system files (/etc/passwd) or configuration files containing credentials (wp-config.php), or, when combined with another capability such as file upload or log poisoning, to achieve Remote Code Execution (RCE) by causing the server to execute attacker-controlled content.
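The pattern described above, as an added example that is not JanStudio code: the include statement that turns a request parameter into an LFI, followed by a hardened replacement that combines an allow-list with a resolved-path containment check. The parameter name `page`, the `templates` directory and the allowed page names are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not JanStudio code). The "page" parameter, the template
// directory and the allowed names below are assumptions for illustration.

// BEFORE (vulnerable pattern): the request parameter reaches include()
// unchanged, so a value containing "../" resolves to a file outside the
// template directory, which is the traversal the advisory describes.
//   include $_GET['page'] . '.php';

// AFTER: two independent layers.
// 1. An explicit allow-list of template names; anything else is rejected
//    before the filesystem is touched.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

// 2. A containment check: even if the allow-list is loosened later, the
//    resolved path must stay inside the template directory.
function resolveTemplate(string $baseDir, string $page): ?string
{
    // Only plain identifiers: no slashes, dots, NUL bytes or encoded forms.
    if (!preg_match('/^[a-z0-9_]{1,32}\z/', $page)) {
        return null;
    }
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $candidate === false) {
        return null; // directory or template does not exist
    }
    // realpath() has already collapsed "..", symlinks and duplicate
    // separators, so a prefix comparison is now sound.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

$templateDir = __DIR__ . '/templates';
$page = (string) ($_GET['page'] ?? 'home');
$path = resolveTemplate($templateDir, $page);
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
include $path;
```

The allow-list is the control that actually closes the hole; the `realpath()` prefix test is defence in depth and mirrors, inside the application, what the `open_basedir` directive enforces at the interpreter level.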

Business impact

This is a High severity vulnerability with a CVSS score of 8.1. Successful exploitation could have severe consequences for the business. The primary impacts include a breach of confidentiality, as attackers can access sensitive corporate data, customer information, and intellectual property. If the vulnerability is escalated to achieve remote code execution, it could compromise the integrity and availability of the affected server, allowing attackers to install malware, deface websites, or cause a complete denial of service. The resulting financial and reputational damage from a data breach or system compromise could be substantial.

Remediation

Immediate Action: Apply vendor-supplied security updates immediately across all affected systems, prioritizing internet-facing servers. After patching, it is critical to review web server access logs for any evidence of past or present exploitation attempts, looking for suspicious file path traversal patterns in request parameters.

Proactive Monitoring:

  • Log Analysis: Continuously monitor web server and application logs for requests containing directory traversal sequences such as ../ or ..\ (including their URL-encoded forms) or absolute file paths in unexpected parameters.
  • File Integrity Monitoring (FIM): Implement FIM on web servers to detect unauthorized changes to application code, configuration files, or the creation of suspicious new files in the web root.
  • Network Monitoring: Monitor for unusual outbound network connections from affected servers, which could indicate a successful compromise and communication with a command-and-control (C2) server.
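One way to implement the log analysis item above, as an added example that is not part of the advisory or of any JanStudio product: a small PHP CLI scanner that parses combined-format access log lines, decodes percent-encoding repeatedly so single- and double-encoded traversal is caught, treats backslash separators like forward slashes, and reports traversal sequences and absolute paths in query parameters. The log lines are constructed samples; the `page` parameter and the paths in them are illustrative only.

```php
<?php
declare(strict_types=1);

// Added example (not JanStudio code). The access-log lines below are
// constructed samples using documentation IP addresses; the "page"
// parameter and the file paths in them are illustrative assumptions.
$sampleLog = <<<'LOG'
203.0.113.10 - - [12/Jan/2025:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.11 - - [12/Jan/2025:10:00:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1980
203.0.113.12 - - [12/Jan/2025:10:00:03 +0000] "GET /index.php?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1980
203.0.113.13 - - [12/Jan/2025:10:00:04 +0000] "GET /index.php?page=..%252f..%252fwp-config.php HTTP/1.1" 404 201
203.0.113.14 - - [12/Jan/2025:10:00:05 +0000] "GET /index.php?page=..\..\..\windows\win.ini HTTP/1.1" 404 201
203.0.113.15 - - [12/Jan/2025:10:00:06 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" 200 1980
203.0.113.16 - - [12/Jan/2025:10:00:07 +0000] "GET /about.html HTTP/1.1" 200 300
LOG;

// Decode percent-encoding until the value stops changing, so that both
// "..%2f" and the double-encoded "..%252f" end up as "../".
function decodeFully(string $value, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    return $value;
}

// Reasons a query-string value looks like an LFI probe (empty if benign).
function suspiciousReasons(string $value): array
{
    $v = str_replace('\\', '/', decodeFully($value)); // treat ..\ like ../
    $reasons = [];
    if (preg_match('#(^|/)\.\.(/|$)#', $v)) {
        $reasons[] = 'directory traversal';
    }
    if ($v !== '' && $v[0] === '/') {
        $reasons[] = 'absolute path';
    }
    return $reasons;
}

// Parse one combined-format line; return client, target and findings,
// or null when nothing in the query string looks suspicious.
function scanLine(string $line): ?array
{
    if (!preg_match('/^(\S+) .*"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    [, $client, $target] = $m;
    $qpos = strpos($target, '?');
    if ($qpos === false) {
        return null; // no query string, nothing to inspect
    }
    parse_str(substr($target, $qpos + 1), $params); // decodes one layer of %xx
    $findings = [];
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue; // nested array parameters are out of scope here
        }
        foreach (suspiciousReasons($value) as $reason) {
            $findings[] = "$name: $reason";
        }
    }
    return $findings === [] ? null
        : ['client' => $client, 'target' => $target, 'findings' => $findings];
}

foreach (explode("\n", $sampleLog) as $line) {
    $hit = scanLine($line);
    if ($hit !== null) {
        printf("%-14s %s\n    %s\n", $hit['client'], $hit['target'],
            implode('; ', $hit['findings']));
    }
}
```

Against a real log, replace the inline string with a loop over `fgets()` on the access log file. The normalisation steps (repeated decoding, separator folding, then pattern matching) are the same ones a WAF rule set needs, which is why matching the literal string `../` alone misses the encoded and backslash variants in the sample.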

Compensating Controls: If patching cannot be performed immediately, implement the following controls:

  • Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attack patterns.
  • Harden the server's PHP configuration by disabling allow_url_include (so include and require cannot load remote URLs) and restricting the directories PHP may read from with the open_basedir directive.
  • Ensure the web server process runs with the lowest possible user privileges to limit an attacker's ability to access or modify critical system files.

Exploitation status

Public Exploit Available: false

Analyst recommendation

CVE-2025-69080 represents a significant risk to the organization due to its high severity and the potential for complete server compromise. We strongly recommend that the immediate action plan be executed without delay. All affected JanStudio Gecko products must be patched on an emergency basis. Although this CVE is not currently on the CISA KEV list, its high CVSS score and the critical nature of LFI flaws require that it be treated as an imminent threat. Organizations should prioritize patching and implement the recommended monitoring and compensating controls to protect against potential exploitation.