CVE-2025-8913
Published: 13 August 2025
Summary
CVE-2025-8913 is a critical-severity PHP Remote File Inclusion (CWE-98) vulnerability in the WellChoose Organization Portal System. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 18.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2025-8913 is a Local File Inclusion flaw, tracked as CWE-98, in the Organization Portal System developed by WellChoose. It permits unauthenticated remote attackers to execute arbitrary code on the server and carries a CVSS 4.0 base score of 9.3, reflecting a network attack vector, low attack complexity, and no requirement for privileges or user interaction.
Unauthenticated remote attackers can exploit the weakness to include and run arbitrary files on the server, achieving full control over the affected system with high impact to confidentiality, integrity, and availability.
Taiwan CERT has published technical advisories for the issue at the referenced URLs.
The associated EPSS score remains low at 0.0154 (1.54%), with no increase over its recorded peak.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24549
Vulnerability details
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
- CWE(s): CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program, 'PHP Remote File Inclusion')
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
The LFI vulnerability in a public-facing web portal directly enables unauthenticated remote code execution by exploiting the application itself, which is the behaviour T1190 describes.
Affected Assets
- WellChoose Organization Portal System (affected versions are not stated in this record)
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents LFI exploitation by validating user input to block path traversal and arbitrary local file inclusion leading to RCE.
- SI-2 (Flaw Remediation): mitigates the specific LFI vulnerability through timely identification, patching, and remediation of the flaw in the Organization Portal System.
- Logical access controls: restrict unauthorized reading of local files that could be exploited via the LFI vulnerability.
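To make the SI-10 control concrete, the following is an added example and not code from WellChoose or from the Organization Portal System (whose source is not on this page). It shows the generic PHP include pattern that CWE-98 describes, beside an allow-list version in which the request parameter is only ever a key into a fixed map of known templates. The template names, the templates/ directory and the page parameter are hypothetical.

```php
<?php
// Added example, not WellChoose code: the generic CWE-98 pattern and an
// allow-list replacement that implements NIST SI-10 input validation.

// VULNERABLE PATTERN: the request parameter flows straight into include().
// Whatever the client supplies (a traversal sequence, or a URL when
// allow_url_include is enabled) decides which file the server executes.
function render_page_vulnerable(string $page): void
{
    include $page . '.php';
}

// HARDENED PATTERN: the parameter can only select an entry from this map.
// Template names here are hypothetical; a real portal would list its own.
const PAGE_MAP = [
    'home'    => 'home.php',
    'profile' => 'profile.php',
    'news'    => 'news.php',
];

// Resolve a requested page key to an absolute path, or null if it is not
// an allow-listed key or does not resolve inside the template directory.
function resolve_page(string $requested, string $templateDir): ?string
{
    if (!array_key_exists($requested, PAGE_MAP)) {
        return null;                    // unknown key: refuse, never guess
    }

    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . PAGE_MAP[$requested]);

    // Defence in depth: even a mapped entry must resolve inside $templateDir
    // (guards against a symlink or a misconfigured map entry).
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function render_page_hardened(string $requested, string $templateDir): void
{
    $path = resolve_page($requested, $templateDir);
    if ($path === null) {
        http_response_code(404);        // reject, and log at the caller if desired
        echo 'Unknown page';
        return;
    }
    include $path;                      // only ever an allow-listed, in-tree file
}

// Usage (hypothetical "page" query parameter): the client value is a map key,
// never a filesystem path, so there is nothing for traversal to operate on.
render_page_hardened((string) ($_GET['page'] ?? 'home'), __DIR__ . '/templates');
```

The design point is that SI-10 here means an allow-list, not a denylist of "../" or "http://" substrings, which encoding variants routinely bypass. The realpath prefix check is a second, independent layer. Separately, keeping allow_url_include = Off in php.ini (its default) removes the remote-inclusion half of CWE-98 even where the include argument is still attacker-influenced, which is why an LFI finding and an RFI finding on the same code can differ only by that setting.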