CVE-2025-27272

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 24, 2025
CWE ID 98

Summary

CVE-2025-27272 is an improper filename control vulnerability affecting the VG PostCarousel PHP module. The filename used in include/require statements is inadequately controlled, resulting in a Local File Inclusion (LFI) vulnerability. An attacker can exploit this flaw to access and execute arbitrary local files, posing a serious threat to the confidentiality and integrity of affected systems. The vulnerability is present in VG PostCarousel versions from n/a through 1.1. Updating to a secure version or implementing appropriate security measures is highly recommended to mitigate this risk.
