CVE-2025-63888
Published: 20 November 2025
Description
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely identification, reporting, and correction of the RCE vulnerability in ThinkPHP's File.php read function to eliminate the exploitable flaw.
Requires validation of inputs to the vulnerable read function to block malicious file paths enabling remote file inclusion and subsequent RCE.
Vulnerability scanning and monitoring detects the presence of CVE-2025-63888 in ThinkPHP 5.0.24 deployments for proactive remediation.
Security SummaryAI
CVE-2025-63888, published on 2025-11-20, is a remote code execution vulnerability in the read function of the file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-98.
The vulnerability enables remote exploitation over the network with low attack complexity, requiring no privileges or user interaction. Unauthenticated attackers can leverage it to achieve high impacts on confidentiality, integrity, and availability, resulting in arbitrary remote code execution on affected systems.
Advisories with further details, including potential mitigation guidance, are available at the following references: https://gist.github.com/Master-0-0/0bf54cbb335b586b42b0db0db804e7aa and https://www.yuque.com/lcc316/df0kgm/mglhbxltgbmzfh2s.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-63888 is an unauthenticated remote code execution vulnerability in the public-facing ThinkPHP web framework, directly enabling exploitation of public-facing applications.