CVE-2025-69121 ThemeREX CVE debrief

Who should care

Administrators and users of the Deliciosa theme, particularly those using versions up to 1.10.0, should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

The CVE-2025-69121 vulnerability is caused by an unauthenticated local file inclusion weakness in the Deliciosa theme, affecting versions up to 1.10.0. This vulnerability is classified under CWE-98. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

HIGH

Recommended defensive actions

• Update the Deliciosa theme to a version beyond 1.10.0.
• Restrict access to sensitive files and directories.
• Implement additional security measures, such as web application firewalls.
• Monitor for suspicious activity and potential exploitation attempts.
• Consider using a security information and event management (SIEM) system.
• Regularly review and update software and plugins.
• Limit the use of sensitive functions to authenticated users.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].

Official resources