CVE-2025-31047
Published: 05 January 2026
Summary
CVE-2025-31047 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-31047 is a Deserialization of Untrusted Data vulnerability (CWE-502) in the Themify Edmin WordPress theme, which allows Object Injection. This issue affects Themify Edmin versions from n/a through 2.0.0.
The vulnerability can be exploited by an attacker with low privileges (PR:L) over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), without changing scope (S:U). Successful exploitation leads to high impacts on confidentiality, integrity, and availability, earning a CVSS v3.1 base score of 8.8.
The Patchstack advisory documents this PHP Object Injection vulnerability in the Themify Edmin WordPress theme version 2.0.0.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0878
Vulnerability details
Deserialization of Untrusted Data vulnerability in Themify Themify Edmin edmin allows Object Injection.This issue affects Themify Edmin: from n/a through <= 2.0.0.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct RCE vector via unauthenticated deserialization/object injection in public-facing WordPress theme component.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the deserialization of untrusted data flaw in Themify Edmin theme versions through <=2.0.0 by identifying, reporting, and applying patches.
Prevents object injection by validating untrusted inputs before deserialization to ensure they do not contain malicious serialized objects.
Mitigates potential remote code execution from object injection via memory protections such as DEP and ASLR.