PHP Local File Inclusion in Axiomthemes Fermentio Plugin

CVE-2025-58897 represents a critical vulnerability in the Axiomthemes Fermentio plugin (versions through 1.5.0) that stems from improper control of filenames in PHP include/require statements. This Local File Inclusion (LFI) vulnerability allows attackers to manipulate file paths and read or execute arbitrary files on the affected server. WordPress sites running vulnerable versions of Fermentio face significant risk, as attackers can exploit this weakness to access sensitive configuration files, source code, or other protected resources without requiring authentication. The vulnerability affects a broad range of users relying on this popular theme component.

While MITRE ATT&CK techniques are not yet mapped to this specific CVE, Casky's 754 security skills—powered by Claude AI's extended reasoning capabilities—would identify exploitation patterns consistent with Discovery and Exfiltration phases. A security practitioner using Casky would observe attack indicators such as suspicious file path traversal patterns in HTTP requests (../ sequences), unusual include/require statements referencing external or system files, and access logs showing requests targeting configuration files like wp-config.php or /etc/passwd. The platform's skill set would detect anomalous behavior suggesting CWE-98 exploitation, including file access attempts that deviate from normal application behavior, helping practitioners rapidly identify and contain active exploitation attempts before attackers establish persistence or move laterally within the environment.