CVE-2025-69176
Deferred Deferred - Pending Action
Unauthenticated Local File Inclusion in ITactics

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-69176
EUVD
EUVD-2025-210182
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack itactics to 1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69176 is a Local File Inclusion (LFI) vulnerability found in the WordPress ITactics Theme version 1.0 or earlier. This vulnerability allows unauthenticated attackers to include local files on the target website.

By exploiting this flaw, attackers can potentially access sensitive data such as database credentials and may even achieve a full database takeover depending on the server configuration.

The vulnerability has a high severity score of 8.1 on the CVSS scale, indicating a significant risk and likelihood of being targeted in mass-exploit campaigns.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive information such as database credentials.

In some cases, attackers may leverage this flaw to take over the entire database, which can lead to data loss, data manipulation, or service disruption.

Because the vulnerability is exploitable without authentication and has a high severity score, it poses a significant security risk to affected websites.

Mitigation Strategies

The vulnerability affects the WordPress ITactics Theme version 1.0 or earlier and allows unauthenticated attackers to include local files, potentially exposing sensitive data.

As there is no official patch available yet, immediate mitigation involves applying the Patchstack provided mitigation rule to block attacks targeting this vulnerability.

Additional recommended steps include updating the theme if an update becomes available, or seeking assistance from your hosting provider or a developer to implement protective measures.

Compliance Impact

The vulnerability allows unauthenticated attackers to include local files on the target website, potentially exposing sensitive data such as database credentials and enabling a full database takeover depending on server configuration.

Exposure of sensitive data due to this vulnerability could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Therefore, exploitation of this vulnerability increases the risk of data breaches, which can result in regulatory penalties and damage to organizational compliance posture.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart