CVE-2025-60069
Published: 18 December 2025
Summary
CVE-2025-60069 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability in Thememove Minimogwp. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates validation of filename inputs in PHP include/require statements to prevent improper control leading to local file inclusion in the MinimogWP theme.
Requires timely identification, reporting, and patching of the specific PHP LFI flaw affecting MinimogWP versions through <= 3.9.6.
Vulnerability scanning detects PHP remote/local file inclusion issues like CVE-2025-60069 in WordPress themes and drives remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
LFI vulnerability in public-facing WordPress theme exploited remotely via T1190 (Exploit Public-Facing Application); enables reading and executing local files, facilitating T1005 (Data from Local System).
NVD Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.
Deeper analysisAI
CVE-2025-60069 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, classified as PHP Remote File Inclusion but enabling PHP Local File Inclusion, affecting the ThemeMove MinimogWP theme for WordPress. The issue impacts MinimogWP versions from n/a through 3.9.6 and is associated with CWE-98. Published on 2025-12-18, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited remotely over the network by unauthenticated attackers with no required privileges or user interaction, though it demands high attack complexity. Successful exploitation grants high-impact access to confidential data, integrity modifications, and availability disruptions, potentially allowing attackers to include and execute local files on the server.
Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/minimog/vulnerability/wordpress-minimogwp-theme-3-9-2-local-file-inclusion-vulnerability?_s_id=cve, which documents the Local File Inclusion vulnerability in the MinimogWP theme.
Details
- CWE(s)