{"id":72917,"date":"2025-09-08T08:15:41","date_gmt":"2025-09-08T08:15:41","guid":{"rendered":""},"modified":"2025-09-26T19:45:54","modified_gmt":"2025-09-27T01:45:54","slug":"cve-2025-54716-php-remote-file-inclusion-vulnerability-in-ireca-by-ovatheme","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-54716-php-remote-file-inclusion-vulnerability-in-ireca-by-ovatheme\/","title":{"rendered":"CVE-2025-54716: PHP Remote File Inclusion Vulnerability in Ireca by ovatheme<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The critical vulnerability CVE-2025-54716 is a PHP Remote File Inclusion (RFI) flaw that exists in the Ireca product by the ovatheme. This vulnerability is capable of compromising systems or causing data leakage by exploiting the improper control of the filename for the Include\/Require statement in the PHP program. The impact of this vulnerability<\/a> is significant, as it affects all versions of Ireca up to 1.8.5. Addressing this vulnerability is a pressing issue for all Ireca<\/a> users to prevent potential cyber-attacks and secure their digital assets.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-54716
\nSeverity: Critical (8.1 CVSS Score)
\nAttack Vector: Network-based
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n