Security News > 2025 > April > Craft CMS RCE exploit chain used in zero-day attacks to steal data

Craft CMS RCE exploit chain used in zero-day attacks to steal data

2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

News URL

https://www.bleepingcomputer.com/news/security/craft-cms-rce-exploit-chain-used-in-zero-day-attacks-to-steal-data/

#attack #CMS #exploit #RCE #stealdata #zeroday

Related news

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
EncryptHub linked to MMC zero-day attacks on Windows systems (source)
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
CentreStack RCE exploited as zero-day to breach file sharing servers (source)
Apple fixes two zero-days exploited in targeted iPhone attacks (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.