Deserialization Vulnerability in The Business Product by Themeton
CVE-2025-31430

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: The Business
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-31430?

A deserialization of untrusted data vulnerability in The Business product by Themeton allows for object injection. This vulnerability could potentially enable an attacker to exploit the system, leading to unauthorized actions or data manipulation. It affects versions starting from n/a up to 1.6.1, posing a risk to users who have not applied necessary security measures. Users of The Business are urged to update their installations to mitigate potential threats associated with this vulnerability.

Affected Version(s)

The Business <= 1.6.1

References

https://patchstack.com/database/wordpress/theme/nrgbusine...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

WordPress

What is CVE-2025-31430?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit