CVE-2025-58967
Published: 22 October 2025
Summary
CVE-2025-58967 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability in Thememove Businext. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely remediation and patching of the vulnerable Businext WordPress theme to version 2.4.4 or later.
Prevents exploitation of the improper filename control in PHP include/require by validating inputs to block malicious local file inclusion paths.
Identifies the PHP LFI vulnerability in the Businext theme through regular vulnerability scanning, enabling proactive remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
LFI vuln in public-facing WordPress theme directly enables exploitation of web application for code execution via arbitrary PHP file inclusion, mapping to initial access and web shell deployment.
NVD Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.
Deeper analysisAI
CVE-2025-58967 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, known as PHP Remote File Inclusion, that enables PHP Local File Inclusion in the Businext WordPress theme developed by ThemeMove. This issue affects all versions of the Businext theme from n/a through those prior to 2.4.4. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-98.
Remote, unauthenticated attackers can exploit this vulnerability over the network without requiring user interaction, though exploitation demands high attack complexity. Successful attacks can result in high impacts to confidentiality, integrity, and availability, allowing attackers to include and potentially execute arbitrary local PHP files on the server.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/businext/vulnerability/wordpress-businext-theme-2-4-4-local-file-inclusion-vulnerability?_s_id=cve indicates that the vulnerability is addressed in Businext version 2.4.4. Mitigation involves updating affected WordPress sites running the Businext theme to version 2.4.4 or later.
Details
- CWE(s)