Remote Code Execution Vulnerability in Craft CMS by Craft
CVE-2025-23209

8.1 HIGH

Key Information:

Vendor: Craftcms
Product: Cms
Status: Vendor
CVE Published:
18 January 2025

Badges

📈 Score: 1,060
👾 Exploit Exists
🦅 CISA Reported
📰 News Worthy

What is CVE-2025-23209?

CVE-2025-23209 is a remote code execution (RCE) vulnerability found in Craft CMS, a popular content management system designed for creating and managing custom digital experiences on the web. This particular vulnerability affects installations of Craft 4 and 5 where the application's security key has been compromised. If exploited, it could allow attackers to execute malicious code remotely, potentially leading to unauthorized access, data breaches, and system disruptions. Organizations using affected versions without applying the necessary patches may face significant risks, as the integrity and confidentiality of their web applications could be severely compromised.

Technical Details

The vulnerability is only triggered in scenarios where the Craft CMS security key has already been exposed or compromised. This can happen through various security lapses, such as weak key generation or improper handling and storage of sensitive credentials. Craft CMS has addressed this vulnerability in versions 5.5.8 and 4.13.8, so users should either upgrade to these patched versions or take alternative measures, such as rotating their security keys, to mitigate the risk.

Potential impact of CVE-2025-23209

  1. Unauthorized Remote Access: Exploitation of this vulnerability could enable attackers to gain unauthorized access to the system, allowing them to modify content, steal sensitive data, or alter user permissions.

  2. Data Breaches: An attacker could potentially execute arbitrary code that leads to data breaches, which could compromise both organizational data and personal information of users, resulting in severe reputational and legal repercussions.

  3. System Compromise: The ability to run malicious code remotely means that attackers could deploy further attacks, install malware, or establish backdoors, leading to extended compromises across organizational networks and systems.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

cms >= 5.0.0-RC1, < 5.5.5

cms >= 4.0.0-RC1, < 4.13.8
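The ranges above are the raw triage input a defender works from, and the pre-release lower bounds (RC1) make a naive string comparison unreliable. The following Python is an added example, not code from this page or from the Craft CMS project: it parses Craft-style version strings (x.y.z with an optional -alpha.N / -beta.N / -RCN suffix), orders pre-releases before the final release of the same number, and reports whether a given install falls inside either affected range listed here. The range table and the AFFECTED_RANGES constant are copied from this page; the function names and the ordering of alpha < beta < RC are assumptions of this example.

```python
import re

# Affected ranges exactly as listed on this page:
# lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ("5.0.0-RC1", "5.5.5"),
    ("4.0.0-RC1", "4.13.8"),
]

# Accepts "5.5.4", "5.0.0-RC1", "4.0.0-beta.1" and similar Craft tags.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d+)?)?$"
)


def parse_version(text):
    """Turn a Craft version string into a comparable tuple.

    Layout: (major, minor, patch, is_final, pre_rank, pre_number).
    A final release gets is_final=1 so it sorts after every pre-release
    of the same major.minor.patch; pre-releases get is_final=0 and are
    ordered alpha < beta < RC (an assumed ordering for this example).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Craft version string: {text!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        pre = (1, 0, 0)
    else:
        order = {"alpha": 0, "beta": 1, "rc": 2}
        pre = (0, order.get(tag.lower(), -1), int(num or 0))
    return (int(major), int(minor), int(patch)) + pre


def is_affected(version):
    """True if `version` lies inside one of the page's affected ranges."""
    v = parse_version(version)
    return any(
        parse_version(lo) <= v < parse_version(hi)
        for lo, hi in AFFECTED_RANGES
    )


def triage(versions):
    """Map each reported install version to an affected / not-affected verdict."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, hit in triage(["5.5.4", "5.5.5", "5.0.0-RC1",
                            "5.0.0-beta.1", "4.13.7", "4.13.8"]).items():
        print(f"{ver:14} {'AFFECTED' if hit else 'not affected'}")
```

Because the check is keyed on the page's own bounds, a practitioner can drop the two tuples from a newer advisory into AFFECTED_RANGES without touching the comparison logic; patching to the fixed releases named in the Technical Details section (and rotating the security key if it may have been exposed) remains the actual remediation.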

News Articles

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks.

1 day ago

U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog.

1 day ago

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

CISA adds CVE-2025-23209 to its KEV list as Craft CMS faces active exploitation, urging agencies to patch by March 13, 2025.

1 day ago

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 📰 First article discovered by SecurityWeek

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published