Craft CMS - Geek Feed

Craft CMS RCE exploit chain used in zero-day attacks to steal data

April 27, 2025April 27, 2025 geekfeed0Tagged 0day, CMS, Craft CMS, CVE-2024-58136, CVE-2025-32432, vulnerability, Zero-Day

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The vulnerabilities were discovered by Orange Cyberdefense’s CSIRT, which was called in to investigate a compromised server. As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS […]

3 mins read

CISA flags Craft CMS code injection flaw as exploited in attacks

February 23, 2025February 23, 2025 geekfeed0Tagged Actively Exploited, CISA, Craft CMS, CVE-2025-23209, exploit, KEV, rce, Remote Code Execution, united states, vulnerability

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used […]

2 mins read