PatchSiren cyber security CVE debrief
CVE-2025-69110 ThemeREX CVE debrief
CVE-2025-69110 is an Unauthenticated Local File Inclusion vulnerability in AirSupply theme versions <= 2.0.0. The vulnerability has a CVSS score of 8.1 and is classified as HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is CWE-98. Users of AirSupply theme versions <= 2.0.0 should be aware of this vulnerability and take necessary actions to protect their systems. The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then.
- Vendor
- ThemeREX
- Product
- AirSupply
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of AirSupply theme versions <= 2.0.0, system administrators, security teams, and vulnerability management teams should be aware of this vulnerability and take necessary actions to protect their systems.
Technical summary
The vulnerability is an Unauthenticated Local File Inclusion in AirSupply theme versions <= 2.0.0. The CVSS score is 8.1, classified as HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is CWE-98. Affected systems may be vulnerable to unauthorized file inclusion, potentially leading to code execution or information disclosure.
Defensive priority
High priority due to the high CVSS score and the potential for unauthenticated local file inclusion.
Recommended defensive actions
- Inventory and verify AirSupply theme versions <= 2.0.0
- Apply patches or updates provided by the vendor
- Monitor systems for suspicious activity
- Consider compensating controls such as web application firewalls
- Review system logs for potential exploitation attempts
Evidence notes
The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and review vendor guidance for specific mitigation steps.
Official resources
-
CVE-2025-69110 CVE record
CVE.org
-
CVE-2025-69110 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:16.947Z and has not been modified since then.