CVE-2025-60199
CVSS 8.2 High
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Published: 2025-11-06T16:16:05.267
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in dedalx InHype – Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype – Blog & Magazine WordPress Theme: from n/a through <= 1.5.2.
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
How to fix CVE-2025-60199
CVE-2025-60199 is a high severity vulnerability affecting the affected product.
Description: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in dedalx InHype – Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype – Blog & Magazine WordPress Theme: from n/a through <= 1.5.2. Related CVE by CWENo related CWE found.Top CVE for VendorNo vendor […]
Exploit Difficulty: EASY
⏱️ Time to exploit: < 1 hour
🛠️ Required skills: Basic web security knowledge
💰 Public exploits: Likely available
How to Fix:
- Check if you're running the affected product
- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Description: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in dedalx InHype – Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype – Blog & Magazine WordPress Theme: from n/a through <= 1.5.2. Related CVE by CWENo related CWE found.Top CVE for VendorNo vendor […]
Exploit Difficulty: EASY
⏱️ Time to exploit: < 1 hour
🛠️ Required skills: Basic web security knowledge
💰 Public exploits: Likely available
How to Fix:
1 Identify affected systems
- Check if you're running the affected product
2 Immediate actions
- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
3 Verification
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
4 Long-term prevention
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Exploit Difficulty Assessment
EASY
Time to Exploit: < 1 hour
Skills Required: Basic web security knowledge
Public Exploits: Likely available
Vulnerability Timeline
Nov 06, 2025
Vulnerability Published
CVE details first published to NVD database
Nov 12, 2025
Imported to Database
Added to this CVE tracking system
Detection Rules & IOCs
No specific detection rules generated for this vulnerability type.
No vendor/product data available.