CVE-2025-26979

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 25, 2025

CWE ID 98

Summary

CVE-2025-26979 is a filename manipulation vulnerability affecting FunnelKit Funnel Builder. This issue, classified as a PHP Remote File Inclusion (RFI) vulnerability, allows an attacker to include and execute arbitrary local PHP files on affected versions of Funnel Builder (from n/a through 3.9.0). By exploiting this vulnerability, an attacker could potentially gain unauthorized access to sensitive data or execute arbitrary code, posing a significant risk to the security of affected systems. It is essential to update FunnelBuilder to a patched version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cv0Zg
https://www.cve.org/CVERecord?id=CVE-2025-26979
https://nvd.nist.gov/vuln/detail/CVE-2025-26979

Back to Vulnerability Database

CVE-2025-26979

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations