CVE-2025-26986

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Mar 26, 2025

Updated: Mar 27, 2025

CWE ID 98

Summary

CVE-2025-26986 is a critical vulnerability affecting the Pearl - Corporate Business theme for PHP. The issue stems from an improper control of filename for include/require statements, enabling PHP Local File Inclusion. attackers can exploit this vulnerability to execute arbitrary code on affected systems. This flaw poses a significant risk, as it can lead to serious security breaches. The vulnerability is present in all versions of Pearl - Corporate Business prior to 3.4.8. It is essential that users upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cvCbk
https://www.cve.org/CVERecord?id=CVE-2025-26986
https://nvd.nist.gov/vuln/detail/CVE-2025-26986

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-26986

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations