craftcms News Articles
Recent news articles referencing the vendor's vulnerabilities.

Critical Craft CMS Flaws Exploited in Wild
Craft CMS flaws CVE-2025-32432 and CVE-2024-58136 are under active attack. Over 300 servers breached—patch your sites now to avoid compromise.
2 weeks ago
Attackers chained Craft CMS zero-days attacks in the wild
Orange Cyberdefense's CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data.
2 weeks ago

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.
2 weeks ago
Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites
Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
2 weeks ago

Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data
The vulnerability, tracked as CVE-2025-32432 and assigned a maximum CVSS score of 10.0, affects all versions of Craft CMS prior to 3.9.15, 4.14.15, and 5.6.17.
2 weeks ago
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
2 weeks ago
CISA flags Craft CMS code injection flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks.

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
CISA adds CVE-2025-23209 to its KEV list as Craft CMS faces active exploitation, urging agencies to patch by March 13, 2025.
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.

Critical PHP Zero-Day Vulnerability in Craft CMS Lets Hackers Gain Remote Access
A significant security vulnerability in Craft CMS, one of the most widely used PHP-based content management systems, has been uncovered, allowing unauthenticated remote code execution (RCE) under default configurations.

Assetnote Researchers Discover Zero-Day (CVE-2024-56145) in Craft CMS
Assetnote BRISBANE, AUSTRALIA, December 20, 2024 /EINPresswire.com/ -- A critical security vulnerability has been discovered by Assetnote in Craft CMS that could allow unauthenticated attackers to execute arbitrary code on affected systems. Craft CMS is one of the world's most popular content manage...
