CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

Avatar
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
[[{“value”:”

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the project maintainers in late December 2024 in versions 4.13.8 and 5.5.8.

“Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys,” the agency said.

The vulnerability affects the following version of the software –

>= 5.0.0-RC1, < 5.5.5
>= 4.0.0-RC1, < 4.13.8

In an advisory released on GitHub, Craft CMS noted that all unpatched versions of Craft with a compromised security key are impacted by the security defect.

“If you can’t update to a patched version, then rotating your security key and ensuring its privacy will help to mitigate the issue,” it noted.

It’s currently not clear how the user security keys were compromised, and in what context. To alleviate the risk posed by the vulnerability, it’s recommended that Federal Civilian Executive Branch (FCEB) agencies apply the necessary fixes by March 13, 2025.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

China-linked hackers target European healthcare orgs in suspected espionage campaign

Next Post

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Related Posts

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
Avatar
Read More

Product Review: How Reco Discovers Shadow AI in SaaS

As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.  Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a
Avatar
Read More