CVE-2025-23948

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jan 22, 2025

CWE ID 98

Summary

CVE-2025-23948 is a new filename vulnerability affecting WebArea Background animation blocks. This PHP Local File Inclusion (LFI) flaw, specifically a PHP Remote File Inclusion (RFI) issue, allows malicious actors to include arbitrary files on affected systems. The vulnerability exists due to improper control of filenames used in include or require statements. This issue impacts Background animation blocks with versions from n/a up to 2.1.5. Successful exploitation could lead to potential unauthorized access or system compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2hbEdk
https://www.cve.org/CVERecord?id=CVE-2025-23948
https://nvd.nist.gov/vuln/detail/CVE-2025-23948

Back to Vulnerability Database

CVE-2025-23948

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations