File Read Vulnerability in ThinkPHP 5.0.24
CVE-2025-63889
7.5HIGH
What is CVE-2025-63889?
The fetch function in the ThinkPHP framework's Template.php file allows attackers to exploit crafted file paths, potentially leading to unauthorized access to sensitive files on the server. This vulnerability arises from insufficient validation of user input in template values, enabling malicious actors to manipulate file paths and read arbitrary files within the application's environment.
