The vulnerability CVE-2025-64202 affects the TieLabs Sahifa WordPress theme before version 5.8.6. It is a DOM-based cross-site scripting (XSS) issue caused by improper neutralization of input during web page generation. This allows an attacker with low privileges and requiring user interaction to potentially execute arbitrary scripts in the context of the victim's browser session. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability at a low level.

Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to partial disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score of 6.5. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or advisory is provided, users should monitor TieLabs communications for updates. Until a fix is available, consider limiting user privileges and educating users about the risks of interacting with untrusted content to reduce exposure.