PT-2025-47609 · Unknown · Thinkphp 5.0.24

Published: 2025-11-20 · Updated: 2025-11-25 · CVE-2025-63889

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ThinkPHP version 5.0.24

Description

The fetch function within the thinkphp/library/think/Template.php file in ThinkPHP 5.0.24 has a flaw that allows attackers to read arbitrary files by using a specially crafted file path within a template value. The function does not properly sanitize the file path, potentially leading to unauthorized file access.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the fetch function or carefully validate all file paths used in template values to prevent unauthorized file access.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-63889

Affected Products

Thinkphp 5.0.24