PatchSiren cyber security CVE debrief
CVE-2025-69119 ThemeREX CVE debrief
CVE-2025-69119 is an Unauthenticated Local File Inclusion vulnerability in Corbesier theme versions <= 1.15.0. The CVSS score is 8.1, indicating a HIGH severity level. This vulnerability allows unauthenticated attackers to include local files, potentially leading to code execution or information disclosure. Users of Corbesier theme version 1.15.0 or earlier should prioritize updating to a patched version to mitigate this vulnerability. The CVE record and NVD entry provide further details.
- Vendor
- ThemeREX
- Product
- Corbesier
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of Corbesier theme version 1.15.0 or earlier should prioritize updating to a patched version to mitigate this vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and CVE record for affected scope, severity, and vendor guidance.
Technical summary
The vulnerability allows unauthenticated attackers to include local files, potentially leading to code execution or information disclosure. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. This issue affects Corbesier theme versions <= 1.15.0. Users should review the official advisory and CVE record for affected scope, severity, and vendor guidance.
Defensive priority
High priority should be given to updating Corbesier theme to a version that addresses this vulnerability.
Recommended defensive actions
- Update Corbesier theme to a patched version
- Review and monitor for suspicious file inclusion attempts
- Implement additional security measures to protect against local file inclusion attacks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-06-17T13:19:17.920Z and last modified on 2026-06-17T14:45:15.717Z. The NVD entry is currently Deferred. The Corbesier theme versions <= 1.15.0 are affected by this vulnerability. Users should verify their deployments and plan for updates or mitigations. The official CVE record and NVD details provide additional context.
Official resources
-
CVE-2025-69119 CVE record
CVE.org
-
CVE-2025-69119 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:17.920Z and has not been modified since then. The NVD entry is currently Deferred.