The vulnerability identified as CVE-2025-60125 affects themelooks FoodBook versions up to 4.7.6. It involves the insertion of sensitive information into data sent by the application, which can lead to unauthorized retrieval of embedded sensitive data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates that the attack can be performed remotely over the network without privileges or user interaction, impacting confidentiality with low severity. No official patch or vendor advisory is currently available, and no exploits have been reported in the wild.

The vulnerability allows an attacker to retrieve sensitive information embedded in data sent by the FoodBook application, potentially exposing confidential data. The impact is limited to confidentiality loss without affecting data integrity or availability. Given the medium CVSS score of 5.3, the risk is moderate but should be addressed to prevent data leakage.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix is currently documented, users should monitor vendor communications for updates. Until a fix is available, consider restricting network access to the affected FoodBook instances and reviewing data handling practices to minimize sensitive data exposure.