CVE-2025-69113 ThemeREX CVE debrief

Who should care

Administrators and users of Nexio versions <= 1.10.0 should be aware of this vulnerability and take necessary actions to secure their systems. This vulnerability can be exploited by unauthenticated attackers, making it a high-priority concern.

Technical summary

CVE-2025-69113 is an unauthenticated local file inclusion vulnerability in Nexio versions <= 1.10.0. The vulnerability has a CVSS Score of 8.1 and a CVSS Severity of HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The weakness is classified as CWE-98.

Defensive priority

High

Recommended defensive actions

• Update Nexio to a version greater than 1.10.0
• Restrict access to sensitive files and directories
• Implement additional security measures, such as web application firewalls
• Monitor system logs for suspicious activity
• Consider using a vulnerability management tool to track and remediate vulnerabilities
• Review and update incident response plans to address potential exploitation

Evidence notes

The vulnerability was reported by Patchstack and is documented in the CVE record. The CVE record and NVD detail provide additional information about the vulnerability.

Official resources