Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate, long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2025-53440 represents a critical PHP Local File Inclusion (LFI) vulnerability in Axiomthemes Confidant versions up to 1.4, stemming from improper control of filenames in include/require statements (CWE-98). This vulnerability allows attackers to include and execute arbitrary local files on the server, potentially exposing sensitive configuration files, source code, or triggering remote code execution when combined with file upload mechanisms. WordPress site administrators using the Confidant theme are directly affected, as the vulnerability can be exploited without authentication, making it a high-risk issue despite not yet appearing in CISA's actively exploited vulnerabilities list.
While this CVE lacks direct MITRE ATT&CK technique mappings, Casky's 754 security skills mapped to the framework can identify the attack patterns underlying LFI exploitation through detection of file access anomalies and suspicious include/require patterns. Practitioners using Casky would observe security findings related to techniques like T1083 (File and Directory Discovery) and T1190 (Exploit Public-Facing Application), as attackers typically probe for sensitive files through parameter manipulation. Extended reasoning capabilities would help correlate suspicious path traversal patterns (../, ..\) in web requests with actual file system access attempts, enabling defenders to distinguish legitimate include operations from exploitation attempts and implement targeted input validation controls before this vulnerability can be weaponized.
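The request-side half of that correlation can be sketched as follows. This is an added example, not Casky's or the theme's code. It goes beyond the literal `../` and `..\` by also undoing repeated percent-encoding before matching. The parameter name `tpl` and the log lines are constructed, since the page does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Two dots followed by a forward slash or a backslash, checked after decoding
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
MAX_DECODE_ROUNDS = 3  # assumption: enough to undo double or triple encoding


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_params(log_line: str) -> list[tuple[str, str]]:
    """Return (parameter, decoded value) pairs that contain a traversal sequence."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    # parse_qsl performs the first round of percent-decoding itself
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)
        if TRAVERSAL_RE.search(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample lines; "tpl" is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /?tpl=header HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /?tpl=../../private/settings HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /?tpl=%252e%252e%252fprivate/settings HTTP/1.1" 200 90',
    '198.51.100.4 - - [01/Jan/2026:10:01:00 +0000] "GET /?tpl=..%5C..%5Cprivate%5Csettings HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Jan/2026:10:02:00 +0000] "GET /?s=version+1..2 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in traversal_params(line):
            print(f"{line.split()[0]} param={name!r} decoded={value!r}")
```

Hits from this check are candidates only; pairing them with file-access telemetry from the host is what separates a probe from a successful include.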
© 2026 Casky.AI, Inc. · AI Security Investigation