Cyber Resilience

CVE-2025-32614

High

Published: 11 April 2025

Published
11 April 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0133 80.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-32614 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 19.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2025-32614 is a PHP Local File Inclusion vulnerability (CWE-98) in the EventON Lite WordPress plugin (eventon-lite) developed by Ashan Perera. The flaw stems from improper control of filenames in include/require statements and affects all versions through 2.4.

An unauthenticated remote attacker can exploit the issue over the network by supplying a crafted request that triggers inclusion of arbitrary local files. With CVSS metrics indicating no privileges required and only user interaction needed, successful exploitation can result in disclosure of sensitive information, arbitrary code execution, or full compromise of the confidentiality, integrity, and availability of the affected site.

The sole advisory reference points to a Patchstack entry documenting the vulnerability in the EventON plugin. The EPSS score rose from a low baseline to a peak of 0.0372 before settling at the current value of 0.0133, indicating emerging exploitation interest after disclosure.

EU & UK References

Vulnerability details

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through <= 2.4.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References