The vulnerability CVE-2025-49073 affects axiomthemes Sweet Dessert versions before 1.1.13 and involves unsafe deserialization of untrusted data, enabling object injection attacks. This can lead to remote code execution or other severe impacts due to the manipulation of serialized objects. The CVSS 3.1 base score of 9.8 reflects its critical severity, with network attack vector, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. No patch or official remediation guidance is currently available from the vendor or other authoritative sources.

Successful exploitation of this vulnerability can lead to complete compromise of the affected system, including unauthorized disclosure, modification, or destruction of data, and potential full system takeover. The vulnerability is remotely exploitable without authentication or user interaction, making it highly dangerous if leveraged by attackers. However, no known exploits in the wild have been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or restricting features that process serialized data from untrusted sources if possible. Monitor vendor channels for updates and apply patches promptly once available.