Summary: A recently patched vulnerability in the Craft content management system (CVE-2025-23209) is actively being exploited in cyberattacks, according to CISA. Although Craft CMS has a limited market share, an estimated 41,000 instances are likely affected by this high-severity remote code execution flaw. Federal agencies have been instructed to address the vulnerability by March 13, but no public reports confirm attacks utilizing this specific flaw yet.
Affected: Craft content management system (CMS)
Keypoints:
- Craft CMS vulnerability CVE-2025-23209 is a high-severity remote code execution flaw.
- The flaw was patched in versions 5.5.8 and 4.13.8 released in mid-January.
- CISA has added this vulnerability to its KEV catalog, urging federal agencies to take action.
- Another Craft CMS vulnerability, CVE-2024-56145, has also been exploited but has not yet been added to the KEV catalog.
Source: https://www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/