CVE-2025-58225

High

Published: 18 December 2025

Published

18 December 2025

Modified

20 January 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0022 44.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2025-58225 by requiring timely patching or updating of the vulnerable Paragon WordPress theme to fix the improper filename control in PHP include/require.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the PHP local file inclusion by validating and sanitizing user-supplied filenames to block malicious path traversal payloads.

CM-6 Configuration Settings partial match

prevent

Mitigates LFI by enforcing secure PHP configuration settings such as open_basedir restrictions and disabling allow_url_include to limit file access scope.

Security SummaryAI

CVE-2025-58225 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, classified as PHP Remote File Inclusion but enabling PHP Local File Inclusion (CWE-98), in the Paragon WordPress theme developed by axiomthemes. The issue affects all versions of Paragon up to and including 1.1. Published on 2025-12-18, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated remote attackers can exploit this vulnerability over the network without user interaction, though it requires high attack complexity. Successful exploitation allows attackers to perform local file inclusion, potentially leading to high-impact compromise of confidentiality, integrity, and availability, such as unauthorized access to local files on the server.

Mitigation guidance is provided in the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/paragon/vulnerability/wordpress-paragon-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve.

Details

CWE(s): CWE-98

Affected Products

axiomthemes

paragon

≤ 1.1

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

T1190 directly matches exploitation of a public-facing WordPress application vulnerability; T1005 is facilitated by local file inclusion allowing unauthorized access to local files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://patchstack.com/database/Wordpress/Theme/paragon/vulnerability/wordpress-paragon-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve
audit@patchstack.com