InfoSecBulletin Cybersecurity for mankind
CISA has added a serious security flaw in the Craft content management system (CMS) to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation.
The vulnerability CVE-2025-23209 (CVSS score: 8.1) affects Craft CMS versions 4 and 5. It was fixed by the maintainers in late December 2024 with versions 4.13.8 and 5.5.8.
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
“Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys,” the agency said.
The vulnerability affects the following version of the software –
>= 5.0.0-RC1, < 5.5.5
>= 4.0.0-RC1, < 4.13.8
In an advisory released on GitHub, Craft CMS noted that all unpatched versions of Craft with a compromised security key are impacted by the security defect.
“If you can’t update to a patched version, then rotating your security key and ensuring its privacy will help to mitigate the issue,” it noted.
It’s unclear how the user security keys were compromised or the circumstances surrounding it.
FCEB agencies should apply the necessary fixes to reduce the risk from the vulnerability by March 13, 2025.
In December 2024, Craft CMS reported active exploitation of a security flaw (CVE-2024-56145) that allows remote code execution if the PHP register_argc_argv setting is enabled. This vulnerability has not yet been included in CISA’s KEV catalog.
Test this free automated tool to hunt for exposed AWS secrets
