Home / Vulnerability Intelligence / CVE-2025-60233

CVE-2025-60233 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 19, 2026

Themeton Zuut - Insecure Deserialization

Published: March 19, 2026Updated: March 19, 2026Remote Exploitable

Overview

Themeton Zuut <= 1.4.2 contains an insecure deserialization vulnerability caused by untrusted data deserialization, letting attackers perform object injection remotely, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can perform object injection leading to remote code execution or application compromise.

Mitigation

Update to the latest version beyond 1.4.2.

References

https://patchstack.com/database/wordpress/theme/zuut/vulnerability/wordpress-zuut-theme-1-4-2-php-object-injection-vulnerability?_s_id=cve

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2025-60233 - Critical (9.8) Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-60233/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

View original post

Related Resources

Details

CVE ID: CVE-2025-60233
Severity: Critical
CVSS Score: 9.8
Type: insecure_deserialization
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days