PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69110 ThemeREX CVE debrief

CVE-2025-69110 is an Unauthenticated Local File Inclusion vulnerability in AirSupply theme versions <= 2.0.0. The vulnerability has a CVSS score of 8.1 and is classified as HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is CWE-98. Users of AirSupply theme versions <= 2.0.0 should be aware of this vulnerability and take necessary actions to protect their systems. The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then.

Vendor
ThemeREX
Product
AirSupply
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of AirSupply theme versions <= 2.0.0, system administrators, security teams, and vulnerability management teams should be aware of this vulnerability and take necessary actions to protect their systems.

Technical summary

The vulnerability is an Unauthenticated Local File Inclusion in AirSupply theme versions <= 2.0.0. The CVSS score is 8.1, classified as HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is CWE-98. Affected systems may be vulnerable to unauthorized file inclusion, potentially leading to code execution or information disclosure.

Defensive priority

High priority due to the high CVSS score and the potential for unauthenticated local file inclusion.

Recommended defensive actions

  • Inventory and verify AirSupply theme versions <= 2.0.0
  • Apply patches or updates provided by the vendor
  • Monitor systems for suspicious activity
  • Consider compensating controls such as web application firewalls
  • Review system logs for potential exploitation attempts

Evidence notes

The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and review vendor guidance for specific mitigation steps.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then.