CVE-2025-58225
Published: 18 December 2025
Summary
CVE-2025-58225 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability in Axiomthemes Paragon. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-58225 by requiring timely patching or updating of the vulnerable Paragon WordPress theme to fix the improper filename control in PHP include/require.
Prevents exploitation of the PHP local file inclusion by validating and sanitizing user-supplied filenames to block malicious path traversal payloads.
Mitigates LFI by enforcing secure PHP configuration settings such as open_basedir restrictions and disabling allow_url_include to limit file access scope.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
T1190 directly matches exploitation of a public-facing WordPress application vulnerability; T1005 is facilitated by local file inclusion allowing unauthorized access to local files.
NVD Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.
Deeper analysisAI
CVE-2025-58225 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, classified as PHP Remote File Inclusion but enabling PHP Local File Inclusion (CWE-98), in the Paragon WordPress theme developed by axiomthemes. The issue affects all versions of Paragon up to and including 1.1. Published on 2025-12-18, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated remote attackers can exploit this vulnerability over the network without user interaction, though it requires high attack complexity. Successful exploitation allows attackers to perform local file inclusion, potentially leading to high-impact compromise of confidentiality, integrity, and availability, such as unauthorized access to local files on the server.
Mitigation guidance is provided in the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/paragon/vulnerability/wordpress-paragon-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve.
Details
- CWE(s)