CVE-2025-60214
Published: 22 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-60214 is a Deserialization of Untrusted Data vulnerability (CWE-502) in the BoldThemes Goldenblatt WordPress theme that allows PHP Object Injection. Published on 2025-10-22, this issue affects Goldenblatt versions prior to 1.3.0 (no lower bound is given).
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or other severe effects via injected objects.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/goldenblatt/vulnerability/wordpress-goldenblatt-theme-1-2-1-php-object-injection-vulnerability?_s_id=cve details the vulnerability in the Goldenblatt theme; the recommended mitigation is updating to version 1.3.0 or later.
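The advisory does not say where in the theme the unsafe deserialization occurs, so the following is a generic illustration of the CWE-502 pattern in a WordPress theme, added here and not taken from the Goldenblatt code or the Patchstack advisory. The handler name, the `layout` request field and the nonce action are assumptions. It shows the weak form (unserialize() on request data) next to two hardened forms: refusing object instantiation with `allowed_classes => false`, and replacing PHP serialization with JSON plus a capability and nonce check.

```php
<?php
// Added illustration of CWE-502 / PHP Object Injection (hypothetical theme
// handler; not code from the Goldenblatt theme). Function and field names are
// assumptions.

// VULNERABLE PATTERN: unserialize() on request data. PHP instantiates whatever
// class the payload names and runs its __wakeup()/__destruct() magic methods,
// so whoever controls the string controls which objects exist in the process.
function theme_load_layout_unsafe(): array {
    $raw    = isset($_POST['layout']) ? wp_unslash($_POST['layout']) : '';
    $layout = unserialize($raw); // CWE-502: attacker-controlled serialized data
    return is_array($layout) ? $layout : [];
}

// HARDENED (minimal change): forbid object instantiation entirely. With
// allowed_classes => false, any serialized object is mapped to
// __PHP_Incomplete_Class and no magic methods fire. A size cap limits the
// cost of parsing hostile input.
function theme_load_layout_safer(): array {
    $raw = isset($_POST['layout']) ? wp_unslash($_POST['layout']) : '';
    if (!is_string($raw) || strlen($raw) > 65536) {
        return [];
    }
    $layout = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($layout) ? $layout : [];
}

// PREFERRED: use a format that cannot express objects at all (JSON with
// assoc=true yields only arrays and scalars), and require the caller to be an
// authorised editor with a valid nonce so the handler is no longer reachable
// by unauthenticated requests (the PR:N part of the CVSS vector).
function theme_load_layout_json(): array {
    if (!current_user_can('edit_theme_options')
        || !check_ajax_referer('theme_layout', 'nonce', false)) {
        return [];
    }
    $raw    = isset($_POST['layout']) ? wp_unslash($_POST['layout']) : '';
    $layout = json_decode($raw, true, 16); // depth limit guards against deep nesting
    return is_array($layout) ? $layout : [];
}
```

As a quick audit of an installed theme or plugin, defenders can grep `wp-content` for calls to `unserialize(` and review each one that lacks an `allowed_classes` option or that reads from `$_GET`, `$_POST`, `$_COOKIE` or HTTP headers; `maybe_unserialize()` wraps plain `unserialize()` and deserves the same scrutiny.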
Details
- CWE(s): CWE-502 Deserialization of Untrusted Data
MITRE ATT&CK Enterprise Techniques: T1190 Exploit Public-Facing Application
Why these techniques?
The vulnerability is a high-severity deserialization flaw (CWE-502) in a public-facing WordPress theme, exploitable remotely by unauthenticated attackers without user interaction and potentially enabling arbitrary code execution, which maps directly to T1190: Exploit Public-Facing Application.