PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69141 ThemeREX CVE debrief

CVE-2025-69141 is a HIGH severity vulnerability (CVSS Score: 8.1) in the Kelly Young theme, affecting versions <= 1.1.0. This vulnerability allows unauthenticated local file inclusion, potentially enabling attackers to access sensitive files. The vulnerability was published on June 17, 2026, and last modified on the same day. Users of the affected theme should take immediate action to mitigate this vulnerability.

Vendor
ThemeREX
Product
Kelly Young
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and users of the Kelly Young theme, version <= 1.1.0, should be aware of this vulnerability and take necessary actions to secure their installations.

Technical summary

The CVE-2025-69141 vulnerability is caused by an unauthenticated local file inclusion weakness in the Kelly Young theme, versions <= 1.1.0. This allows attackers to potentially access sensitive files on the server. The vulnerability has a CVSS Score of 8.1, indicating a HIGH severity level. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

HIGH

Recommended defensive actions

  • Update the Kelly Young theme to a version greater than 1.1.0.
  • Restrict access to sensitive files and directories.
  • Implement additional security measures, such as web application firewalls (WAFs).
  • Monitor for suspicious activity and potential exploitation attempts.
  • Consider using a security plugin or service to detect and prevent attacks.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].

Official resources

CVE-2025-69141 was published on June 17, 2026, and last modified on the same day.