CVE-2025-26985

Summary

CVE-2025-26985 is a filename manipulation vulnerability affecting Majestic Support, a PHP application used by an unknown number of versions from n/a to 1.0.6. The issue stems from the application's improper handling of include/require statements, leading to a Local File Inclusion (LFI) vulnerability. Attackers can exploit this flaw to access sensitive files on the affected system, potentially gaining unauthorized access or causing denial-of-service conditions. This vulnerability poses a significant risk, especially for websites or applications that use Majestic Support, and it is recommended that users upgrade to a patched version to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.