PatchSiren cyber security CVE debrief
CVE-2025-69120 ThemeREX CVE debrief
CVE-2025-69120 is a high-severity unauthenticated local file inclusion vulnerability in the Dazzle theme for WordPress, affecting version 1.0.0 or earlier. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Users of the Dazzle theme for WordPress should apply patches or mitigations to prevent unauthenticated local file inclusion attacks. The vulnerability allows attackers to include local files without authentication, potentially leading to sensitive information disclosure or code execution.
- Vendor
- ThemeREX
- Product
- Dazzle
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of the Dazzle theme for WordPress, version 1.0.0 or earlier, should apply patches or mitigations to prevent unauthenticated local file inclusion attacks. This includes administrators, security teams, and operators responsible for maintaining WordPress installations with the Dazzle theme.
Technical summary
CVE-2025-69120 is an unauthenticated local file inclusion vulnerability in the Dazzle theme for WordPress, affecting version 1.0.0 or earlier. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The Common Vulnerability Scoring System (CVSS) vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows attackers to include local files without authentication, potentially leading to sensitive information disclosure or code execution.
Defensive priority
High priority should be given to applying patches or mitigations for CVE-2025-69120, as it allows unauthenticated local file inclusion attacks.
Recommended defensive actions
- Apply patches or updates for the Dazzle theme, version 1.0.0 or earlier.
- Implement mitigations, such as restricting access to sensitive files or directories.
- Monitor for suspicious activity, such as unusual file access requests.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-06-17T14:17:32.470Z and last modified on 2026-06-17T15:16:36.740Z. The NVD entry is currently Deferred. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the affected scope and apply patches or mitigations accordingly.
Official resources
-
CVE-2025-69120 CVE record
CVE.org
-
CVE-2025-69120 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:32.470Z and has not been modified since then. The NVD entry is currently Deferred.