Lucene search
K

7 matches found

GithubExploit
GithubExploit
added 2026/03/29 4:41 p.m.274 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-23209 For authorized security testing and research e...

8.1CVSS7.5AI score0.04714EPSS
Exploits1
OSV
OSV
added 2025/08/08 7:32 p.m.6 views

GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209

Pre-requisites: Have a compromised security key https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...

7.7CVSS9.8AI score0.04714EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2025/02/21 7:26 a.m.24 views

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

A high-severity security flaw impacting the Craft content management system CMS has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is...

9.3CVSS8.3AI score0.97446EPSS
Exploits10
Circl
Circl
added 2025/01/18 12:57 a.m.26 views

CVE-2025-23209

creationtimestamp| type| source ---|---|--- 2025-01-18 00:57:13+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2270 2025-01-18 01:15:48+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfy54asrpp2f 2025-01-18 01:48:56+00:00| seen|...

8.1CVSS7.5AI score0.04714EPSS
Exploits1References43
Cvelist
Cvelist
added 2025/01/18 12:32 a.m.25 views

CVE-2025-23209 Potential RCE with a compromised security key in craft/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

8CVSS0.04714EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/18 12:32 a.m.17 views

CVE-2025-23209 Potential RCE with a compromised security key in craft/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

8CVSS7.7AI score0.04714EPSS
Exploits1References3
OSV
OSV
added 2025/01/18 12:32 a.m.14 views

CVE-2025-23209 Potential RCE with a compromised security key in craft/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

8CVSS8.9AI score0.04714EPSS
Exploits1References6
Rows per page
Query Builder