PT-2025-49897 · Unknown · Select Core

Published

2025-12-09

Updated

2025-12-15

CVE-2025-67521

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Select Core versions prior to 2.6

Description An improper control of filename for include/require statement exists in Select Core, potentially allowing for PHP Local File Inclusion. This issue is related to PHP Remote File Inclusion.

Recommendations Update Select Core to version 2.6 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-98

Related Identifiers

CVE-2025-67521

Affected Products

Select Core

PT-2025-49897 · Unknown · Select Core

CVE-2025-67521

Weakness Enumeration

Related Identifiers

Affected Products

References · 4