{"id":64308,"date":"2025-08-25T09:22:07","date_gmt":"2025-08-25T09:22:07","guid":{"rendered":""},"modified":"2025-09-07T05:20:03","modified_gmt":"2025-09-07T11:20:03","slug":"cve-2025-54689-high-risk-php-remote-file-inclusion-vulnerability-in-urna","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-54689-high-risk-php-remote-file-inclusion-vulnerability-in-urna\/","title":{"rendered":"CVE-2025-54689: High Risk PHP Remote File Inclusion Vulnerability in Urna<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The digital world we live in provides a platform for countless advancements and opportunities. However, it also presents an array of vulnerabilities that could potentially compromise the integrity and security of systems and data. One such vulnerability is CVE-2025-54689, a PHP Remote File<\/a> Inclusion (RFI) vulnerability in the Urna theme. The affected systems are those using Urna versions<\/a> up to and including 2.5.7.
\nThis vulnerability is a critical<\/a> flaw due to the high severity score of 8.1. It allows hackers to manipulate PHP’s<\/a> include\/require statements to execute arbitrary PHP code or include files from remote servers. The potential risk includes system compromise and data leakage<\/a>, which could have catastrophic consequences for businesses and individuals alike.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-54689
\nSeverity: High (CVSS: 8.1)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n