CVE-2025-49264

High CVSS 7.5

Overview

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP Local File Inclusion. This issue affects Cloud SAML SSO - Single Sign On Login: from n/a through 1.0.18.

CWE: CWE-98 Published: 2025-08-14T11:15:39.617

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: lfi, rfi (tag impact: HIGH)

Recommended actions:

Normalize paths, use allowlists; block user-controlled file paths.
Disable remote includes; enforce strict allowlists.

Overview

Recommended tools

Tags