Wiz
Vulnerability DatabaseCVE-2025-58995

CVE-2025-58995
WordPress vulnerability analysis and mitigation

Overview

A Local File Inclusion vulnerability was discovered in the Leblix WordPress Theme versions 2.4 and below, identified as CVE-2025-58995. The vulnerability was reported on September 15, 2025, by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity and was publicly disclosed on September 17, 2025. The affected software is the Leblix - Laboratory & Research WordPress Theme developed by PBM Infotech Private Limited (Patchstack VDP).

Technical details

The vulnerability is classified as a Local File Inclusion issue with a CVSS score of 8.1, indicating high severity. It falls under the OWASP Top 10 category A3: Injection. The vulnerability can be exploited without authentication, making it particularly dangerous (Patchstack VDP).

Impact

This vulnerability could allow malicious actors to include and display local files from the target website. Of particular concern is the potential access to files containing sensitive information such as database credentials, which could lead to a complete database compromise depending on the server configuration (Patchstack VDP).

Mitigation and workarounds

The vulnerability has been patched in version 2.5 of the Leblix theme. Users are strongly advised to update to version 2.5 or later immediately. Additionally, Patchstack has issued a mitigation rule to block potential attacks until users can update to the fixed version (Patchstack VDP).

Additional resources

SourceThis report was generated using AI

Related WordPress vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-13126HIGH7.5
  • wpforo
NoYesDec 14, 2025
CVE-2025-12537MEDIUM6.4
  • addon-elements-for-elementor-page-builder
NoYesDec 14, 2025
CVE-2025-9873MEDIUM6.4
  • a3-lazy-load
NoYesDec 13, 2025
CVE-2025-9856MEDIUM6.4
  • popup-builder
NoYesDec 13, 2025
CVE-2025-12696N/AN/A
  • hls-crm-form-shortcode
NoNoDec 14, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo