Remote Code Execution Vulnerability in Craft CMS by Pixel & Tonic
CVE-2025-32432
What is CVE-2025-32432?
CVE-2025-32432 is a high-severity remote code execution vulnerability found in Craft CMS, a flexible content management system designed for creating custom digital experiences. This vulnerability affects specific versions of the software, enabling malicious actors to execute arbitrary code on affected installations. Organizations using Craft CMS could face considerable risks, including unauthorized data access, system compromise, and disruption of services, directly impacting their operational integrity and reputation.
Technical Details
The vulnerability exists in Craft CMS from version 3.0.0-RC1 up to, but not including, 3.9.15; from 4.0.0-RC1 up to, but not including, 4.14.15; and from 5.0.0-RC1 up to, but not including, 5.6.17. Exploitation involves a low-complexity attack vector, making it relatively easy for attackers to carry out. The issue has been addressed in patched versions 3.9.15, 4.14.15, and 5.6.17, along with a fix for a previously identified vulnerability (CVE-2023-41892).
Potential Impact of CVE-2025-32432
- Unauthorized Access and Control: Attackers can gain unauthorized access to the system, potentially leading to the execution of arbitrary commands and loss of sensitive information.
- Service Disruption: Exploiting this vulnerability can lead to service outages, disrupting business operations and affecting user experience.
- Increased Risk of Data Breaches: Vulnerable systems may be targeted for data breaches, exposing sensitive data to unauthorized entities and resulting in significant reputational damage and regulatory consequences for affected organizations.
CISA has reported CVE-2025-32432
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-32432 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)
cms: affected >= 3.0.0-RC1, < 3.9.15 (unaffected: < 3.0.0-RC1; fixed in 3.9.15)
cms: affected >= 4.0.0-RC1, < 4.14.15 (unaffected: < 4.0.0-RC1; fixed in 4.14.15)
cms: affected >= 5.0.0-RC1, < 5.6.17 (unaffected: < 5.0.0-RC1; fixed in 5.6.17)
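The affected ranges above (and in the Technical Details section) start at release-candidate versions, which is where version checks usually go wrong: a naive string or tuple comparison treats 3.0.0-RC1 as newer than 3.0.0, so an installation on 3.0.0 would be reported as unaffected. The following Python script is an added example, not code from the page or from Pixel & Tonic, that parses Craft CMS version strings with correct prerelease ordering and reports whether a given version falls inside the advisory's ranges and which fixed release it should be upgraded to. The prerelease ordering alpha < beta < RC and the handling of unknown tags are assumptions; the version strings in the sample inventory are constructed.

```python
import re
from typing import Optional, Tuple

# Affected ranges as listed on the page for the craftcms/cms package:
# each entry is (first affected version, first fixed version).
AFFECTED_RANGES = [
    ("3.0.0-RC1", "3.9.15"),
    ("4.0.0-RC1", "4.14.15"),
    ("5.0.0-RC1", "5.6.17"),
]

# Matches "3.9.15", "3.0.0-RC1", "4.0.0-beta.1"; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d*))?$")
# Assumed prerelease ordering: alpha < beta < RC; unknown tags sort first.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}

VersionKey = Tuple[int, int, int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Turn a version string into a sortable key.

    A prerelease (e.g. 3.0.0-RC1) must sort *before* its final release
    (3.0.0), so the fourth field is 0 for prereleases and 1 for releases.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        return (int(major), int(minor), int(patch), 1, 0, 0)
    rank = _PRE_RANK.get(tag.lower(), -1)
    return (int(major), int(minor), int(patch), 0, rank, int(num or 0))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the patched release an affected version should move to, or None."""
    key = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= key < parse_version(first_fixed):
            return first_fixed
    return None


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, e.g. the "version" field for craftcms/cms
    # in each site's composer.lock.
    for v in ["3.0.0-beta.5", "3.0.0-RC1", "4.14.14", "4.14.15", "5.6.17", "6.0.0"]:
        fix = fixed_version_for(v)
        status = f"AFFECTED -> upgrade to {fix}" if fix else "not affected"
        print(f"{v:12} {status}")
```

The version is read from wherever the deployment records it (composer.lock is the usual place for Craft installs); the check only answers "is this version inside the published ranges", so a site that has been patched through other means still needs the vendor's fixed release to be treated as clean.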
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.
Critical Craft CMS Flaws Exploited in Wild
Craft CMS flaws CVE-2025-32432 and CVE-2024-58136 are under active attack. Over 300 servers breached—patch your sites now to avoid compromise.
References
EPSS Score
79% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅 CISA Reported
- 📈 Vulnerability started trending
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
