CVE-2025-64374 is a critical security vulnerability identified in the StylemixThemes Motors WordPress theme, versions up to 5.6.81. The vulnerability allows an authenticated user with low privileges to perform an unrestricted upload of files with dangerous types, bypassing any file type validation or restrictions. This can enable attackers to upload malicious scripts or executables, such as PHP web shells, which can be executed on the server. The vulnerability does not require user interaction and has a low attack complexity, making exploitation straightforward once an attacker has valid credentials. The scope of impact is complete, as successful exploitation can lead to full compromise of the web server, including unauthorized access to sensitive data, modification or deletion of content, and disruption of service. The CVSS v3.1 base score is 9.9, reflecting the critical nature of this flaw with network attack vector, low complexity, privileges required but no user interaction, and complete impact on confidentiality, integrity, and availability. No official patches or exploit code are currently publicly available, but the vulnerability is published and known. The issue arises from insufficient validation and sanitization of uploaded files within the Motors theme, a popular WordPress theme used primarily for automotive and classified ads websites. Attackers can leverage this to gain remote code execution capabilities, potentially pivoting to other internal systems or deploying ransomware. The vulnerability highlights the importance of secure file upload handling in web applications, especially in widely deployed CMS themes.

For European organizations, the impact of CVE-2025-64374 can be severe. Many businesses in Europe rely on WordPress themes like Motors for automotive marketplaces, classified ads, and dealership websites. Exploitation can lead to unauthorized access to customer data, including personal and financial information, violating GDPR and other data protection regulations. The integrity of website content can be compromised, damaging brand reputation and trust. Availability may be disrupted through defacement or ransomware deployment, causing operational downtime and financial losses. Given the criticality of the vulnerability and ease of exploitation, attackers could rapidly compromise multiple sites, especially if credentials are leaked or weak. This risk is heightened in sectors with high digital presence such as automotive sales, leasing, and classifieds, which are significant in countries like Germany, France, Italy, Spain, and the UK. Additionally, compromised sites can be used as launchpads for further attacks within corporate networks or supply chains. The lack of known exploits currently provides a window for proactive defense, but the threat landscape could quickly evolve once exploit code is developed.

1. Immediate action should be to monitor for updates or patches from StylemixThemes and apply them as soon as they are released. 2. Until patches are available, restrict file upload permissions to trusted users only and disable file uploads where not necessary. 3. Implement strict server-side validation of uploaded files, including MIME type checks, file extension whitelisting, and scanning for malicious content. 4. Use web application firewalls (WAFs) with rules to detect and block suspicious upload attempts or execution of unauthorized scripts. 5. Regularly audit user accounts and enforce strong authentication mechanisms to reduce the risk of credential compromise. 6. Employ intrusion detection and prevention systems to monitor for anomalous behavior indicative of exploitation attempts. 7. Backup website data frequently and ensure backups are stored securely offline to enable recovery in case of compromise. 8. Educate administrators and users about the risks of uploading untrusted files and the importance of security hygiene. 9. Consider isolating the web server environment with containerization or sandboxing to limit the impact of potential exploitation. 10. Review and harden WordPress configurations and plugins to minimize attack surface.