CVE-2025-69117
Deferred Deferred - Pending Action
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-69117
EUVD
EUVD-2025-210227
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack ingenioso to 1.14.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated attackers to include local files on the target website, potentially exposing sensitive data such as database credentials and leading to a complete database takeover in certain configurations.

Exposure of sensitive data due to this vulnerability could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Therefore, organizations using the affected Ingenioso theme versions may face compliance risks if this vulnerability is exploited, as it compromises confidentiality, integrity, and availability of data.

Executive Summary

CVE-2025-69117 is a Local File Inclusion (LFI) vulnerability affecting the WordPress Ingenioso Theme versions 1.14.0 and below.

This flaw allows unauthenticated attackers to include local files on the target website, which means they can access files stored on the server without needing to log in.

Exploiting this vulnerability can expose sensitive data such as database credentials and potentially lead to a complete database takeover in certain configurations.

Impact Analysis

The impact of this vulnerability is high, with a CVSS score of 8.1, indicating a serious security risk.

An attacker exploiting this vulnerability can gain access to sensitive files on your server, including database credentials.

In some cases, this can lead to a complete takeover of your database, compromising the confidentiality, integrity, and availability of your data.

Because the vulnerability is unauthenticated, attackers do not need any prior access or credentials to exploit it.

This makes it likely to be targeted in mass-exploit campaigns, increasing the urgency to apply mitigations or updates.

Mitigation Strategies

The WordPress Ingenioso Theme versions 1.14.0 and below are affected by a high-priority Local File Inclusion vulnerability with no official patch available yet.

Immediate mitigation steps include applying the temporary mitigation rule issued by Patchstack to block attacks until an official fix is released.

It is also advised to update the theme when a patch becomes available or seek assistance from your hosting provider or a web developer to secure your site.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69117. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart