PHP Local File Inclusion in Axiomthemes Racquet Plugin

CVE-2025-69369 is a PHP Local File Inclusion (LFI) vulnerability affecting Axiomthemes Racquet versions through 1.12.0. The flaw stems from improper control of filenames in PHP include/require statements (CWE-98), allowing attackers to manipulate file paths and include arbitrary local files on the server. This is particularly dangerous for WordPress installations using this theme, as attackers can read sensitive configuration files, access database credentials stored in wp-config.php, retrieve other users' data, or chain the vulnerability with additional exploits. Any organization running the affected Racquet theme versions faces potential information disclosure and lateral movement risks.

While this CVE has no direct MITRE ATT&CK mapping, Casky's 754 security skills—powered by Claude AI's extended reasoning—would detect the attack patterns associated with file inclusion exploits through skills mapping to reconnaissance (T1592 - Gather Victim Org Information), credential access (T1555 - Credentials from Password Managers), and discovery techniques (T1083 - File and Directory Discovery). Practitioners using Casky would observe findings highlighting suspicious include/require parameter manipulation in request logs, unusual file path traversal patterns (../ sequences), and unexpected access attempts to sensitive files like configuration or source files. The platform's ability to correlate multiple indicators would flag the progression from initial reconnaissance through file enumeration to credential harvesting, enabling defenders to identify exploitation attempts before sensitive data exposure occurs.