CVE-2025-24642

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 3, 2025

CWE ID 862

Summary

CVE-2025-24642 is a security vulnerability affecting the Setup Default Featured Image function in theme funda. This issue stems from missing authorization checks, enabling unauthorized users to manipulate incorrectly configured access control security levels. Consequently, an attacker can exploit this vulnerability to gain unapproved access and make unwarranted modifications. Affected versions of the theme funda Setup Default Featured Image range from n/a to 1.2. It is essential for users to update their software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ul-83
https://www.cve.org/CVERecord?id=CVE-2025-24642
https://nvd.nist.gov/vuln/detail/CVE-2025-24642

Back to Vulnerability Database

CVE-2025-24642

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations