PatioTime Software Allows Attackers to Inject Malicious Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

PatioTime Software Allows Attackers to Inject Malicious Data

CVE-2025-67995

Summary

The PatioTime software fails to properly validate user input, allowing attackers to inject malicious objects. This means a hacker could potentially take control of your system or steal sensitive information. You should update PatioTime to version 2.1 or later to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1.

Original description

Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/patiotime/vulnerability/wordpres...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026