Cyber Posture

CVE-2025-62056

Severity: Critical
Published: 22 January 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.9th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-62056 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 4.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: Directly mitigates the CVE by requiring timely remediation and patching of the vulnerable News Event WordPress theme to versions beyond 1.0.1.

prevent: Validates the content of file uploads to the WordPress theme, preventing acceptance of dangerous file types that could lead to remote code execution.

prevent: Restricts file uploads in the News Event theme to only permitted types and characteristics, blocking unrestricted uploads of dangerous files by low-privilege users.
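The two input-validation controls above describe what a fix has to do but not how it looks in WordPress. The following is an added defensive example written for this page; it is not code from the News Event theme, from BlazeThemes, or from the referenced advisory, and it does not reproduce the theme's vulnerable code path (which the page does not describe). It uses only WordPress core hooks and functions (upload_mimes, wp_handle_upload_prefilter, wp_check_filetype_and_ext); the allow-list contents and the cp_example_ function names are assumptions for illustration.

```php
<?php
/**
 * Added example (not the News Event theme's code): a site-level upload filter
 * that enforces an explicit allow-list of file types and refuses names that
 * carry an executable extension anywhere (e.g. "photo.php.jpg").
 * Assumption: the allow-list below is what a news/event site needs; adjust per site.
 */

// Replace WordPress' default MIME allow-list with a minimal one.
function cp_example_allowed_upload_mimes( $mimes ) {
    return array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'gif'          => 'image/gif',
        'webp'         => 'image/webp',
        'pdf'          => 'application/pdf',
    );
}
add_filter( 'upload_mimes', 'cp_example_allowed_upload_mimes' );

// Runs before the file is written under wp-content/uploads. Setting $file['error']
// to a string makes WordPress abort the upload and show that message.
function cp_example_upload_prefilter( $file ) {
    $name = isset( $file['name'] ) ? $file['name'] : '';
    $tmp  = isset( $file['tmp_name'] ) ? $file['tmp_name'] : '';

    // 1. Any server-executable extension in the name, not just the last one, is refused.
    if ( preg_match( '/\.(php\d*|phtml|phar|cgi|pl|sh|htaccess)(\.|$)/i', $name ) ) {
        $file['error'] = 'Upload rejected: executable file type is not permitted.';
        return $file;
    }

    // 2. Extension and sniffed content type must both resolve against the allow-list.
    $check = wp_check_filetype_and_ext( $tmp, $name, cp_example_allowed_upload_mimes( array() ) );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        $file['error'] = 'Upload rejected: file type is not on the allow-list.';
        return $file;
    }

    // 3. If WordPress corrected the name so extension and content agree, keep the corrected name.
    if ( ! empty( $check['proper_filename'] ) ) {
        $file['name'] = $check['proper_filename'];
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'cp_example_upload_prefilter' );
```

This filter only covers uploads that pass through WordPress' own wp_handle_upload() pipeline. Because the page does not state which code path in the theme accepts files, a theme that writes uploads to disk directly would not be covered; for this CVE the patch to a version beyond 1.0.1 (SI-2) remains the primary fix, and the filter is defence in depth.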

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1100 Web Shell (Persistence): A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network. (T1100 is a revoked technique ID in current ATT&CK; it was superseded by T1505.003.)
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted arbitrary file upload (CWE-434) in a public-facing WordPress theme directly enables web shell deployment and remote code execution on the server.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event. This issue affects News Event: from n/a through <= 1.0.1.

Deeper analysis (AI-generated)

CVE-2025-62056 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in the News Event WordPress theme developed by BlazeThemes. The issue affects the News Event theme from unknown initial versions through version 1.0.1.

The vulnerability has a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating it is exploitable over the network with low attack complexity by an authenticated user with low privileges and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability: the upload of arbitrary files could lead to remote code execution, and the changed scope (S:C) indicates the impact can extend beyond the WordPress application to the underlying server.

Mitigation details are available in advisories such as the Patchstack database entry at https://patchstack.com/database/Wordpress/Theme/news-event/vulnerability/wordpress-news-event-theme-1-0-1-arbitrary-file-upload-vulnerability?_s_id=cve. The vulnerability was published on 2026-01-22T17:15:58.757.

Details

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

CVEs Like This One

CVE-2025-67924 (shared CWE-434)
CVE-2026-38526 (shared CWE-434)
CVE-2025-6057 (shared CWE-434)
CVE-2026-27067 (shared CWE-434)
CVE-2020-36942 (shared CWE-434)
CVE-2024-57169 (shared CWE-434)
CVE-2023-53933 (shared CWE-434)
CVE-2025-68909 (shared CWE-434)
CVE-2021-47757 (shared CWE-434)
CVE-2025-68986 (shared CWE-434)
