The CVE-2025-31069 vulnerability in themeton HotStar – Multi-Purpose Business Theme (up to version 1.4) is classified as CWE-502: Deserialization of Untrusted Data. This vulnerability allows an attacker to perform object injection by exploiting unsafe deserialization processes. The CVSS 3.1 base score is 9.8, reflecting a critical severity with network attack vector, no privileges or user interaction required, and full impact on confidentiality, integrity, and availability. No patch or official fix has been published, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation of this vulnerability can lead to complete compromise of the affected system, including unauthorized code execution, data manipulation, and denial of service. The critical CVSS score (9.8) reflects the potential for severe impact without any required privileges or user interaction. No known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is currently available, users should monitor vendor communications for updates. Until a fix is released, consider restricting access to the affected application and applying any available workarounds recommended by the vendor once published.