What is CVE-2026-28025?

A high-severity vulnerability has been identified in ThemeREX Stargaze, allowing PHP local file inclusion. This poses a risk to confidentiality, integrity, and availability. Organizations must prioritize patching.

What is the severity of CVE-2026-28025?

CVE-2026-28025 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2026-28025 | High Vulnerability in ThemeREX Stargaze

A high-severity vulnerability has been identified in ThemeREX Stargaze, specifically affecting versions up to 1.5. This vulnerability allows for PHP local file inclusion due to improper control of the filename for include/require statements. The CVSS score for this vulnerability is 8.1, indicating significant risk and potential impact on affected systems.

The vulnerability is classified under CWE-98, which deals with improper control of filename for include/require statements in PHP programs. Attackers may leverage this vulnerability to gain unauthorized access to sensitive files, risking the confidentiality, integrity, and availability of the application.

Organizations using ThemeREX Stargaze must take this vulnerability seriously. The vulnerability's deferred status indicates that although it is recognized, it requires immediate attention to mitigate potential exploitation. Organizations should prioritize patching immediately.

As of now, there are no known public exploits or proofs of concept available for this vulnerability. However, the risk remains high, and defenders should remain vigilant.

Vulnerability Details

The vulnerability allows PHP local file inclusion due to improper control of the filename in the include/require statements. This affects ThemeREX Stargaze versions up to 1.5 and is classified as a high-severity vulnerability with a CVSS score of 8.1. The vulnerability was published on March 5, 2026. The corresponding CWE classification is CWE-98.

Technical Analysis

The root cause of this vulnerability stems from the improper handling of filenames within the PHP code of the ThemeREX Stargaze theme. The attack vector is network-based, allowing an attacker to potentially exploit this vulnerability remotely without requiring any privileges or user interaction.

The attack complexity is rated as high, implying that successfully exploiting this vulnerability may require advanced knowledge or specific conditions to be met. The impacts of this vulnerability are significant, with high confidentiality, integrity, and availability impacts.

Risk & Impact Analysis

The improper control of filename vulnerability presents a serious risk to organizations using the affected versions of ThemeREX Stargaze. If successfully exploited, attackers could gain unauthorized access to sensitive files, leading to potential data breaches and significant operational disruptions.

The risk assessment indicates that organizations should address this vulnerability in their priority patch cycle. The potential blast radius could affect a wide range of systems if not remediated promptly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of ThemeREX Stargaze prior to the vendor patch are affected, specifically versions from n/a through 1.5.

Mitigation & Remediation

Organizations should prioritize patching immediately. To remediate this vulnerability, it is critical to upgrade to the latest version of ThemeREX Stargaze. If a patch is not immediately available, consider implementing network controls to limit access to the affected systems.

Further, organizations can enhance their security posture by engaging in penetration testing to identify and mitigate similar vulnerabilities.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor for unusual file access patterns and log indicators related to PHP include/require statements. Behavioral anomalies in web application performance can also indicate exploitation. Establish network signatures to detect unauthorized access attempts.

AppSecure Threat Intelligence Insight

The identification of this vulnerability underscores the ongoing challenges in web application security. Security teams should be aware of the trends in vulnerabilities like local file inclusion and ensure rigorous testing and validation processes are in place.

Organizations should learn from this incident and consider leveraging comprehensive security frameworks. For more insights on how to strengthen your security measures, explore our penetration testing methodology and the importance of a proactive approach in vulnerability management.

Additionally, organizations might consider adopting a vulnerability management program to continuously assess their security posture and mitigate risks.

Lastly, consider engaging with our security testing best practices guide to fortify your defenses against evolving threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-28025: High Vulnerability in ThemeREX Stargaze