PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-69158 ThemeREX CVE debrief

CVE-2025-69158 is a HIGH severity vulnerability (CVSS Score: 8.1) in the Granola theme, affecting versions up to 1.13. This vulnerability allows unauthenticated local file inclusion, potentially enabling attackers to access sensitive files. The vulnerability was published on June 17, 2026, and last modified on the same day. Organizations using the affected Granola theme versions should take immediate action to mitigate this vulnerability.

Vendor
ThemeREX
Product
Granola
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators and security teams responsible for WordPress installations using the Granola theme version 1.13 or earlier should prioritize patching this vulnerability to prevent potential exploitation.

Technical summary

The CVE-2025-69158 vulnerability is caused by an unauthenticated local file inclusion weakness in the Granola theme, affecting versions up to 1.13. This vulnerability is classified under CWE-98. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a High severity level.

Defensive priority

High

Recommended defensive actions

  • Update the Granola theme to a version beyond 1.13.
  • Restrict access to sensitive files and directories.
  • Implement additional security measures, such as web application firewalls (WAFs).
  • Regularly monitor for and apply security patches.
  • Consider replacing the Granola theme with a more secure alternative.
  • Perform a thorough security audit of the affected system.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail can be accessed through the provided resource links.

Official resources

CVE-2025-69158 was published on June 17, 2026, and last modified on the same day.