WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability
CVE-2025-62066

Currently unrated

Key Information:

Vendor: WordPress
Status: Revolution
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-62066?

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8.

Affected Version(s)

Revolution <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/revol...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program

JSON