CVE-2025-69329
Awaiting Analysis Awaiting Analysis - Queue
Deserialization Object Injection in Jthemes Prestige

Publication date: 2026-02-20

Last updated on: 2026-02-24

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69329
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jthemes prestige to 1.4.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69329 is a high-severity PHP Object Injection vulnerability in the WordPress Prestige Theme versions prior to 1.4.1.

This vulnerability allows unauthenticated attackers to perform PHP Object Injection by exploiting deserialization of untrusted data, potentially enabling code injection, SQL injection, path traversal, denial of service, and other attacks if a suitable Property Oriented Programming (POP) chain is available.

It falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution, database compromise through SQL injection, unauthorized file system access via path traversal, and denial of service conditions.

Since the vulnerability requires no privileges to exploit, attackers can leverage it without authentication, increasing the risk of exploitation.

These impacts can lead to system compromise, data loss, service disruption, and further exploitation of the affected environment.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves PHP Object Injection in the WordPress Prestige Theme versions prior to 1.4.1. Detection typically involves monitoring for suspicious PHP object injection attempts or unusual payloads targeting the theme.

Patchstack has issued mitigation rules to block attacks prior to updating, which may include web application firewall (WAF) rules or intrusion detection system (IDS) signatures.

Specific commands are not provided in the available resources, but general detection can include searching web server logs for suspicious POST requests or payloads containing serialized PHP objects targeting the Prestige theme.

Mitigation Strategies

The immediate recommended step is to update the WordPress Prestige Theme to version 1.4.1 or later, where the vulnerability has been patched.

Until the update can be applied, Patchstack recommends applying their mitigation rules to block attacks exploiting this vulnerability.

Because the vulnerability requires no privileges to exploit and is high severity, prioritizing the update and applying mitigation rules is critical to prevent potential code injection, SQL injection, path traversal, denial of service, and other attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69329. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart