CVE-2025-5804

Published April 10, 2026 · Updated April 10, 2026

7.5CVSS

high

What This Means

CVE-2025-5804 is a high-severity vulnerability in the Case Theme User plugin for PHP, which allows for local file inclusion due to improper filename control. An attacker can exploit this flaw to execute arbitrary PHP code on the server by including files from the local filesystem. It is recommended to upgrade the Case Theme User to version 1.0.4 or later to mitigate this risk.

Official Description+

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a before 1.0.4.

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2025-5804.

Related Coverage

Vvulnerability

CVE-2025-5804: High-Severity Local File Inclusion in Case Theme User Plugin

CVE-2025-5804 is a high-severity local file inclusion vulnerability in the Case Theme User plugin for PHP. It allows arbitrary code execution via improper filename control. Upgrade to version 1.0.4 or later to mitigate this risk.

NVD·7h ago·3 min read