7 matches found
Exploit for Code Injection in Craftcms Craft_Cms
CVE-2025-23209 For authorized security testing and research e...
GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites:
- Have a compromised security key: https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret
- Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder.

With those two pieces in place, you could create a specific, malicious request to the...
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is...
CVE-2025-23209
creationtimestamp | type | source
---|---|---
2025-01-18 00:57:13+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2270
2025-01-18 01:15:48+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfy54asrpp2f
2025-01-18 01:48:56+00:00 | seen | ...
CVE-2025-23209 Potential RCE with a compromised security key in craft/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...
CVE-2025-23209 Potential RCE with a compromised security key in craft/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...
CVE-2025-23209 Potential RCE with a compromised security key in craft/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...