Security News > 2025 > February > CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
2025-02-21 07:26
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
News URL
https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-18 | CVE-2025-23209 | Code Injection vulnerability in Craftcms Craft CMS Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. | 8.1 |