Home / Vulnerability Intelligence / CVE-2025-68555

CVE-2025-68555 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 5, 2026

zozothemes Nutrie - Unrestricted File Upload

Published: March 5, 2026Updated: March 5, 2026Remote Exploitable

Overview

zozothemes Nutrie < 2.0.1 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 4.2%(Probability of exploitation in next 30 days)

Impact

Attackers can upload malicious web shells, leading to remote code execution and full server compromise.

Mitigation

Update to version 2.0.1 or later.

References

https://patchstack.com/database/Wordpress/Theme/nutrie/vulnerability/wordpress-nutrie-theme-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🔴 CVE-2025-68555 - Critical (9.9) Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68555/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-68555
Severity: Critical
CVSS Score: 9.9
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 4.2%
Social Posts: 1

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.2%Probability of exploitation in the next 30 days