CVE-2025-2294
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 13, 2025
- Published Date
- March 28, 2025
- Last Updated
- March 28, 2025
- Vendor
- extendthemes
- Product
- Kubio AI Page Builder
- Description
- The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Score
- 43.30% (Percentile: 97.37%) as of 2025-07-17
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- total
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
The Shadowserver (via CIRCL) | 2025-06-25 12:00:10 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2294.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
romanedutov/CVE-2025-2294
Type: github • Created: 2025-04-26 16:59:17 UTC • Stars: 0
rhz0d/CVE-2025-2294
Type: github • Created: 2025-04-15 19:27:16 UTC • Stars: 0
realcodeb0ss/CVE-2025-2294-PoC
Type: github • Created: 2025-04-03 23:00:09 UTC • Stars: 0
mrrivaldo/CVE-2025-2294
Type: github • Created: 2025-03-31 11:51:07 UTC • Stars: 0
Nxploited/CVE-2025-2294
Type: github • Created: 2025-03-27 19:09:51 UTC • Stars: 1
Timeline
- CVE ID Reserved
- CVE Published to Public
- Detected by Nuclei
- Proof of Concept Exploit Available
- Added to KEVIntel