Local File Inclusion Vulnerability in Xinterio Theme by themeStek
CVE-2025-54690
8.1HIGH
What is CVE-2025-54690?
The Xinterio theme by themeStek has a vulnerability that allows for local file inclusion via improper control of filenames in include/requires statements. This issue puts users at risk by enabling unauthorized access to sensitive files and server data. Affected versions range from n/a to 4.2, making it crucial for website administrators using Xinterio to apply necessary patches and mitigations.
Affected Version(s)
Xinterio <= 4.2
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)