CVE-2025-60097 is a medium-severity vulnerability classified under CWE-862 (Missing Authorization) affecting CodexThemes TheGem, a popular WordPress theme used for building websites. The vulnerability arises from incorrectly configured access control security levels, allowing users with limited privileges (PR:L - privileges required: low) to perform unauthorized actions that should be restricted. The CVSS 3.1 base score is 5.4, indicating a moderate risk. The attack vector is network-based (AV:N), does not require user interaction (UI:N), and the scope remains unchanged (S:U). The impact affects integrity and availability (I:L/A:L) but not confidentiality. This means an attacker with low privileges can potentially modify data or disrupt service availability without gaining access to confidential information. The affected versions include TheGem theme up to version 5.10.5, with no specific earliest affected version provided. No public exploits are currently known in the wild, and no patches have been linked yet. The vulnerability likely allows privilege escalation or unauthorized modification of website content or configurations due to missing or improperly enforced authorization checks in the theme's codebase. Given TheGem's widespread use in WordPress sites, exploitation could lead to defacement, data tampering, or denial of service on affected websites.

For European organizations using TheGem theme on their WordPress sites, this vulnerability poses a moderate risk. Unauthorized modification of website content or disruption of service could damage brand reputation, reduce customer trust, and impact business operations, especially for e-commerce, media, and service providers relying on their web presence. While confidentiality is not directly impacted, integrity and availability issues can lead to misinformation, loss of sales, or downtime. Organizations in sectors with strict regulatory requirements (e.g., GDPR) must consider the risk of non-compliance if unauthorized changes lead to data integrity issues or service interruptions. Since exploitation requires only low privileges and no user interaction, attackers could leverage compromised or low-level accounts to escalate their impact. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits soon after disclosure.

1. Immediate action should include auditing user roles and permissions within WordPress to ensure that only trusted users have low-level privileges that could be exploited. 2. Monitor and restrict access to administrative and theme management functions, employing the principle of least privilege. 3. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting TheGem theme endpoints. 4. Regularly update TheGem theme to the latest version once a patch addressing this vulnerability is released by CodexThemes. 5. Conduct thorough security testing and code review of customizations related to TheGem theme to identify and remediate any additional authorization weaknesses. 6. Employ logging and alerting mechanisms to detect unauthorized changes or access attempts. 7. Consider isolating critical web assets and using multi-factor authentication (MFA) for all privileged accounts to reduce the risk of account compromise that could lead to exploitation.