CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

2025-02-21 07:26
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
News URL
https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
- CISA flags Craft CMS code injection flaw as exploited in attacks
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
- CISA warns of critical Oracle, Mitel flaws exploited in attacks
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
- CISA orders agencies to patch BeyondTrust bug exploited in attacks
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-18 | CVE-2025-23209 | Code Injection vulnerability in Craftcms Craft CMS 4.0.0/5.0.0. Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. | 8.1 |