CVE-2025-49507
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49507 is a high-severity PHP Object Injection vulnerability in the WordPress CozyStay Theme versions before 1.7.1. It allows unauthenticated attackers to inject malicious PHP objects, potentially leading to remote code execution, SQL injection, path traversal, denial of service, and other attacks if a suitable Property Oriented Programming (POP) chain is available. This vulnerability requires no privileges to exploit and is classified under OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
This vulnerability can have critical impacts including remote code execution, allowing attackers to run arbitrary code on the server; SQL injection, which can compromise or manipulate the database; path traversal, potentially exposing sensitive files; denial of service, disrupting website availability; and other attacks. Since it requires no privileges to exploit, it poses a high risk of mass exploitation and can severely compromise the security and functionality of affected websites. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for signs of PHP Object Injection attacks targeting the CozyStay theme prior to version 1.7.1. Since the vulnerability allows unauthenticated remote exploitation, network intrusion detection systems (NIDS) or web application firewalls (WAF) with signatures for PHP object injection attempts can help detect exploitation attempts. Additionally, scanning web server logs for unusual serialized PHP objects or suspicious POST requests may indicate exploitation attempts. Specific commands are not provided in the resources, but users are advised to perform server-side malware scanning and seek professional incident response if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the CozyStay WordPress theme to version 1.7.1 or later, which contains the official fix for the vulnerability. Until the update can be applied, users should deploy Patchstack's virtual patch (vPatch) that automatically blocks attacks exploiting this vulnerability. Due to the high severity and ease of exploitation, applying these mitigations promptly is critical. If a system is suspected to be compromised, professional incident response and server-side malware scanning are recommended rather than relying solely on plugin-based malware scanners. [1]