CVE-2025-52814 – Ovatheme BRW PHP RFI Vulnerability

June 27, 2025

CVE ID : CVE-2025-52814

Published : June 27, 2025, 12:15 p.m. | 2 hours, 14 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.7.9.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52815 – AncoraThemes CityGov PHP Remote File Inclusion Vulnerability

Next Article CVE-2025-52812 – ApusWP Domnoo PHP Local File Inclusion Vulnerability

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2025-52814 – Ovatheme BRW PHP RFI Vulnerability

CVE-2023-28902 – Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability

CVE-2023-28906 – Skoda MIB3 Infotainment Command Injection Vulnerability

Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript

CVE-2025-46520 – Alphasis Related Posts CSRF Stored XSS

Snyk announces new DAST solution for securing APIs and web apps

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

As the “Skyblivion” mod is on track for a 2025 launch, the team praises the leaked Elder Scrolls 4: Oblivion Remastered

RAG can make AI models riskier and less reliable, new research shows

Integrating Optimizely CMS with Azure AI Search – A Game-Changer for Site Search

RefreshOS is a distribution built on the robust foundation of Debian