CVE-2025-69161 ThemeREX CVE debrief

Who should care

Administrators and security teams using the Snowy theme, version 1.13 or earlier, should be aware of this vulnerability and take necessary actions to secure their systems.

Technical summary

CVE-2025-69161 is an unauthenticated local file inclusion vulnerability in the Snowy theme, affecting versions <= 1.13. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high severity. The CWE-98 weakness is associated with this vulnerability.

Defensive priority

High

Recommended defensive actions

• Update the Snowy theme to a version greater than 1.13
• Restrict access to sensitive files and directories
• Implement additional security measures, such as web application firewalls
• Monitor systems for suspicious activity
• Consider patching or mitigating the vulnerability immediately
• Review and update incident response plans

Evidence notes

The information provided is based on data from the NVD and Patchstack. The CVE record and NVD detail pages provide additional information on this vulnerability. However, the vendor and product information is not confirmed, and the canonical source is a weak reference domain.

Official resources