What is the severity of CVE-2025-67684?

CVE-2025-67684 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-67684?

No known public exploits are currently available for CVE-2025-67684.

Is there a patch available for CVE-2025-67684?

No official patches have been released yet for CVE-2025-67684. Consider implementing workarounds or mitigations.

CVE-2025-67684 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score1.0

None

Exploitation LikelihoodLow

1.00%EPSS

Lower probability of exploitation

Patch during regular maintenance

1.00%

EPSS

0.0

CVSS

No

Exploit

No

Patch

Medium Priority

no patch

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code, resulting in Remote Code Execution on the server.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-