CVE-2025-53194 HIGH

CVE-2025-53194: WordPress JetEngine <= 3.7.0 - Remote Code Execution (RCE) Vulnerability

Vendor Crocoblock
Product JetEngine
Weakness CWE-82
Published August 20, 2025
Last update April 28, 2026

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection. This issue affects JetEngine: from n/a through <= 3.7.0.

Explanation of Vulnerability in Simple Terms

02 Summary

JetEngine versions up to and including 3.7.0 contain a deserialization of untrusted data vulnerability that lets an authenticated user with low privileges inject code and gain high-level access to the site. Exploitation requires specific attack conditions, but it can result in complete compromise of site data and functionality. Administrators should update to a version newer than 3.7.0 immediately.

What an attacker can do

03 Attacker Capabilities

Read, modify, or delete site data; run code on the site; affect site availability.

Potential impact on your site

04 Site Impact

Compromised user accounts, data theft, malware injection, or site downtime if exploited.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege user account; specific attack conditions must be met.

Key dates

06 Disclosure timeline

August 20, 2025 CVE published
April 28, 2026 Record updated