{"id":71659,"date":"2025-09-05T23:57:57","date_gmt":"2025-09-05T23:57:57","guid":{"rendered":""},"modified":"2025-11-03T21:09:27","modified_gmt":"2025-11-04T03:09:27","slug":"cve-2025-48149-php-remote-file-inclusion-vulnerability-in-cook-meal","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-48149-php-remote-file-inclusion-vulnerability-in-cook-meal\/","title":{"rendered":"CVE-2025-48149: PHP Remote File Inclusion Vulnerability in Cook&Meal<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the ever-advancing sphere of cybersecurity, emerging threats and vulnerabilities constantly challenge the integrity of our digital systems. One such vulnerability, identified as CVE-2025-48149, exposes a critical weakness in the Cook&Meal software. This vulnerability, known as PHP Remote File Inclusion (RFI), allows an attacker to execute arbitrary PHP code remotely<\/a>. It affects all versions of Cook&Meal up to and including 1.2.3. Given the high severity score of 8.1 assigned by the Common Vulnerability Scoring System<\/a> (CVSS), it’s vital for users and administrators to understand the implications and take immediate remedial actions.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-48149
\nSeverity: High (8.1 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: System Compromise and\/or Data<\/a> Leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n