CVE-2025-53242
Published: 06 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-53242 is a Deserialization of Untrusted Data vulnerability (CWE-502) in the VictorThemes Seil WordPress theme that enables Object Injection. It affects Seil versions through 1.7.1 (the lower bound is listed as n/a) and was published on 2025-11-06.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable over the network by an unauthenticated attacker, with low attack complexity and no user interaction. Successful exploitation could have a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or full theme compromise on affected WordPress sites.
Patchstack has documented the vulnerability in its database for the Seil theme version 1.7.1, providing details at https://patchstack.com/database/Wordpress/Theme/seil/vulnerability/wordpress-seil-theme-1-7-1-deserialization-of-untrusted-data-vulnerability?_s_id=cve.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-53242 is a high-severity deserialization vulnerability in a public-facing WordPress theme exploitable remotely without authentication, enabling arbitrary code execution and directly facilitating T1190: Exploit Public-Facing Application.