AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-31052: Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Obje

criticalvulnerability

security

Source: NVD/CVE DatabaseJune 9, 2025CVE-2025-31052

Summary

A deserialization of untrusted data vulnerability (CWE-502, a weakness where an application processes data from an untrusted source without checking it first) was found in The Fashion - Model Agency One Page Beauty Theme for WordPress, affecting versions up to 1.4.4. This vulnerability allows object injection (inserting malicious objects into the application), which could let attackers execute unintended code or actions.

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-31052

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 95%