{"id":72781,"date":"2025-09-08T04:13:38","date_gmt":"2025-09-08T04:13:38","guid":{"rendered":""},"modified":"2025-10-03T12:33:16","modified_gmt":"2025-10-03T18:33:16","slug":"cve-2025-53578-critical-php-remote-file-inclusion-vulnerability-in-gavias-kipso","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-53578-critical-php-remote-file-inclusion-vulnerability-in-gavias-kipso\/","title":{"rendered":"CVE-2025-53578: Critical PHP Remote File Inclusion Vulnerability in gavias Kipso<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The latest in a string of high-severity vulnerabilities, CVE-2025-53578, is an ‘Improper Control of Filename for Include\/Require Statement in PHP Program’ (also known as ‘PHP Remote File Inclusion’) vulnerability. This flaw, found in gavias Kipso, permits PHP Local File Inclusion, thus creating an opening for potential system compromise or data leakage.
\nDealing with a CVSS Severity Score of 8.1, it’s crucial for organisations using gavias Kipso up to and including version 1.3.4 to understand the implications of this vulnerability<\/a>, its potential effect on their systems, and the steps they can take to mitigate its risks.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-53578
\nSeverity: High, CVSS score 8.1
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n