CVE-2025-60233
Received Received - Intake
Deserialization Object Injection in Themeton Zuut

Publication date: 2026-03-19

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60233
EUVD
EUVD-2025-208861
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
themeton zuut From 1.0.0 (inc) to 1.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-60233 is a high-severity PHP Object Injection vulnerability affecting the WordPress Zuut Theme versions up to and including 1.4.2.

This vulnerability allows unauthenticated attackers to perform PHP Object Injection by exploiting deserialization of untrusted data.

If a suitable Property Oriented Programming (POP) chain is available, attackers can leverage this to execute remote code, perform SQL injection, path traversal, denial of service, and other attacks.

The vulnerability is extremely dangerous with a CVSS score of 9.8, indicating a high likelihood of exploitation in mass attack campaigns targeting many websites.

Impact Analysis

This vulnerability can have critical impacts including remote code execution, which allows attackers to run arbitrary code on the affected server.

It can also lead to SQL injection, enabling attackers to manipulate or steal data from the database.

Other possible impacts include path traversal, which can expose sensitive files, and denial of service attacks that can disrupt website availability.

Because the vulnerability can be exploited without authentication, it poses a significant risk to any website using the affected theme.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection commands or methods for this vulnerability in the available resources.

Mitigation Strategies

To mitigate the CVE-2025-60233 vulnerability in the WordPress Zuut Theme (versions up to 1.4.2), users should immediately apply the mitigation rule provided by Patchstack, which can block exploitation attempts until an official patch is released.

Since no official patch is currently available in the WordPress theme repository, it is strongly advised to seek assistance from your hosting provider or web developer to apply the mitigation or other protective measures.

Using Patchstack’s automated vulnerability mitigation services is recommended to help secure websites against this and similar threats.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60233. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart