Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Besa Besa Exposes Local Files to Attack
CVE-2025-67981
Summary
The Besa Besa software has a security weakness that allows an attacker to access and view files on the server. This can happen because the software doesn't properly check the names of files it tries to open. To fix this, update Besa Besa to a version newer than 2.3.15.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: f...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026