CVE-2025-69370
Awaiting Analysis Awaiting Analysis - Queue
Deserialization Object Injection in ThemeGoods Capella

Publication date: 2026-02-20

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69370
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
themegoods capella to 2.5.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69370 is a high-priority PHP Object Injection vulnerability in the WordPress Capella Theme versions up to and including 2.5.5.

This vulnerability allows unauthenticated attackers to perform PHP Object Injection, which can lead to various attacks such as code injection, SQL injection, path traversal, and denial of service if a suitable Property Oriented Programming (POP) chain is present.

It is classified under OWASP Top 10 A3: Injection and has a CVSS severity score of 9.8, indicating it is highly dangerous and likely to be exploited.

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution, which may allow attackers to take control of the affected website.

Attackers could exploit this flaw to perform SQL injection, leading to data theft or manipulation.

It can also enable path traversal attacks, potentially exposing sensitive files on the server.

Additionally, denial of service attacks could be launched, disrupting the availability of the website.

Since the vulnerability is exploitable by unauthenticated attackers, it poses a significant risk to website security and integrity.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection commands or methods for this vulnerability in the available resources.

Mitigation Strategies

Since no official patch is currently available for CVE-2025-69370, immediate mitigation involves applying the Patchstack mitigation rule designed to block attacks targeting this vulnerability.

Users are strongly advised to implement this mitigation through Patchstack’s security platform to protect their websites until an official patch is released and can be safely applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69370. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart