{"id":59321,"date":"2025-07-12T05:43:20","date_gmt":"2025-07-12T05:43:20","guid":{"rendered":""},"modified":"2025-10-21T05:39:00","modified_gmt":"2025-10-21T11:39:00","slug":"cve-2025-4414-critical-php-remote-file-inclusion-vulnerability-in-cmsmasters-content-composer","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-4414-critical-php-remote-file-inclusion-vulnerability-in-cmsmasters-content-composer\/","title":{"rendered":"CVE-2025-4414: Critical PHP Remote File Inclusion Vulnerability in CMSMasters Content Composer<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the ever-evolving landscape of cybersecurity, vulnerabilities emerge that could potentially compromise our systems and leak sensitive data. One such vulnerability, identified as CVE-2025-4414, relates to an improper control of filename in PHP program that allows for PHP Local File Inclusion. This vulnerability presents a serious threat as it affects CMSMasters Content Composer, a widely used content management system<\/a>. It’s essential for all users of this software to be aware of the potential<\/a> risk and take the necessary steps to mitigate it.
\nThe impact of this vulnerability is significant, with a potential for system<\/a> compromise or data leakage. With a CVSS score of 8.1, it is clearly a high-risk vulnerability<\/a>. Any entity using CMSMasters Content Composer should prioritize this issue and act promptly to mitigate the risk<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-4414
\nSeverity: High (CVSS: 8.1)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n