Remote File Inclusion Vulnerability in Houzez Theme by Favethemes
CVE-2025-62053

8.1HIGH

Key Information:

Vendor: WordPress
Status: Houzez
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-62053?

The Houzez theme from Favethemes contains a vulnerability related to improper control over filenames in include/require statements. This PHP Remote File Inclusion issue can potentially allow attackers to execute arbitrary code or access sensitive files, compromising the security of websites using versions prior to 4.2.0. Website administrators are urged to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Houzez 0 <= 4.2.0

References

https://patchstack.com/database/Wordpress/Theme/houzez/vu...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2025-62053 Data

JSON

WordPress

What is CVE-2025-62053?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit