PHP Remote File Inclusion Vulnerability in Gavias Vizeon Business Consulting
CVE-2025-31064

8.1HIGH

Key Information:

Vendor: WordPress
Status: Vizeon - Business Consulting
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-31064?

A vulnerability exists in Gavias Vizeon - Business Consulting, which allows for improper control of filenames in included or required PHP statements. This weakness can lead to local file inclusion, enabling attackers to execute arbitrary code and potentially compromise the integrity of the application. Affected versions include all from the initial release up to 1.1.7, making it critical for users to apply necessary security measures and updates to safeguard against potential exploits.

Affected Version(s)

Vizeon - Business Consulting <= 1.1.7

References

https://patchstack.com/database/wordpress/theme/vizeon/vu...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-31064?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit