CVE-2025-68909
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-28

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic (blogistic) allows Using Malicious Files. This issue affects Blogistic: from n/a through <= 1.0.5.
Meta Information
Published: 2026-01-22
Last Modified: 2026-01-28
Generated: 2026-06-16
AI Q&A: 2026-01-22
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: blazethemes; Product: blogistic; Version / Range: up to 1.0.5 (inclusive)
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Executive Summary

CVE-2025-68909 is a high-priority Arbitrary File Upload vulnerability in the WordPress Blogistic Theme (up to version 1.0.5). It allows an attacker with low privileges (such as a subscriber or developer) to upload any type of file, including malicious files like backdoors, to the affected website. This can lead to unauthorized access and further exploitation of the site. The vulnerability is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS severity score of 9.9, indicating it is highly dangerous. [1]

Impact Analysis

This vulnerability can severely impact you by allowing attackers to upload and execute malicious files on your website, potentially gaining unauthorized access and control. This can lead to data breaches, website defacement, loss of service, or use of your site as a platform for further attacks. Since the theme is no longer maintained and no official fix exists, the risk remains high unless mitigated by applying Patchstack's mitigation rules or replacing the vulnerable theme. [1]

Mitigation Strategies

Immediate steps to mitigate this vulnerability include applying the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability, or removing and replacing the vulnerable Blogistic theme (versions up to and including 1.0.5). Deactivating the theme alone does not eliminate the security risk unless a mitigation rule is applied. [1]
