PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69112 ThemeREX CVE debrief

CVE-2025-69112 is a HIGH severity vulnerability (CVSS Score: 8.1) in the Planty theme, affecting versions up to 1.14.0. This vulnerability allows unauthenticated local file inclusion. The CVE was published on 2026-06-17T13:19:17.100Z and last modified on 2026-06-17T14:45:15.717Z. Users of the affected theme should take immediate action to mitigate potential risks.

Vendor: ThemeREX
Product: Planty
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of the Planty theme version 1.14.0 or lower should be aware of this vulnerability. Given its HIGH severity and potential for exploitation, immediate attention is required to secure affected installations.

Technical summary

The vulnerability, identified as CVE-2025-69112, is an unauthenticated local file inclusion issue in the Planty theme up to version 1.14.0. It has been assigned a CVSS score of 8.1, indicating a HIGH severity level. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H: it can be exploited over the network (AV:N) without privileges (PR:N) or user interaction (UI:N), attack complexity is high (AC:H), scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high. The weakness associated with this vulnerability is CWE-98.

Defensive priority

HIGH

Recommended defensive actions

  • Update the Planty theme to a version beyond 1.14.0 if available.
  • Restrict access to sensitive files and directories.
  • Implement additional security measures to monitor and limit file inclusion attempts.
  • Regularly review and update software and themes to ensure they are current and patched.
  • Consider using a Web Application Firewall (WAF) to detect and prevent exploitation attempts.
  • Monitor for suspicious activity and implement logging and alerting for potential security incidents.

Evidence notes

The information provided is based on data from official sources, including CVE.org and NVD. The CVE record and NVD detail pages provide comprehensive information about the vulnerability. Additional details can be found in the mitigation or vendor reference provided by Patchstack.

Official resources

CVE-2025-69112 was published on 2026-06-17T13:19:17.100Z and last modified on 2026-06-17T14:45:15.717Z.