CVE-2026-25400
Received Received - Intake

Deserialization Object Injection in Apicona

Vulnerability report for CVE-2026-25400, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: Patchstack

Description

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-07-06
AI Q&A
2026-03-25
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
thememount apicona to 24.1.0 (inc)
apicona apicona to 24.1.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

There is no specific detection method or commands provided in the available information to identify this vulnerability on your network or system.

Compliance Impact

The provided information does not specify how the CVE-2026-25400 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack that can block attacks exploiting this vulnerability until an official patch is released.

Users are strongly advised to update the affected Apicona theme to a patched version once it becomes available.

In the meantime, seek assistance from your hosting provider or web developer to implement protective measures.

Patchstack offers automated mitigation solutions to protect websites from this vulnerability in the interim.

Executive Summary

This vulnerability is a Deserialization of Untrusted Data issue in thememount Apicona. It allows an attacker to perform Object Injection by exploiting the way Apicona processes serialized data. This can lead to unexpected behavior or execution of malicious code.

Impact Analysis

The vulnerability can allow attackers to inject malicious objects into the application, potentially leading to unauthorized code execution, data manipulation, or other security breaches depending on the context in which the application is used.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25400. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart