Remote File Inclusion in Grevo Theme by Themesion
CVE-2025-62029

Currently unrated

Key Information:

Vendor

WordPress
Status
Grevo
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62029?

The Grevo theme by Themesion is vulnerable to a Remote File Inclusion flaw. This vulnerability arises from improper control of the filename in PHP's include/require statements. An attacker could exploit this flaw to execute arbitrary PHP code, leading to potential site-wide compromises. Users of the Grevo theme are urged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Grevo <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/grevo...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)
JSON
.
CVE-2025-62029 : Remote File Inclusion in Grevo Theme by Themesion