{"id":55891,"date":"2025-06-29T03:27:44","date_gmt":"2025-06-29T03:27:44","guid":{"rendered":""},"modified":"2025-08-31T18:38:18","modified_gmt":"2025-09-01T00:38:18","slug":"cve-2025-49253-high-severity-php-remote-file-inclusion-vulnerability-in-thembay-lasa","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-49253-high-severity-php-remote-file-inclusion-vulnerability-in-thembay-lasa\/","title":{"rendered":"CVE-2025-49253: High Severity PHP Remote File Inclusion Vulnerability in Thembay Lasa<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the rapidly evolving world of cybersecurity, vulnerabilities are discovered and patched regularly. One such vulnerability has recently come to light that affects users of Thembay’s Lasa PHP program. The vulnerability, identified as CVE-2025-49253, concerns an improper control of the filename for include\/require statement, which can lead to a PHP Remote File Inclusion<\/a> (RFI). This vulnerability is especially critical<\/a> as it could potentially lead to a system compromise or data leakage if exploited by malicious actors.
\nThe severity of this vulnerability<\/a> is significant, evidenced by its CVSS score of 8.1. Therefore, it is essential for all users and administrators of Thembay Lasa to understand the details of this vulnerability and take immediate steps to mitigate its potential<\/a> impact.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-49253
\nSeverity: High, CVSS Score 8.1
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n