11 matches found

Nuclei
added 4 days ago | 144 views

CraftCMS - Remote Code Execution

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

CVSS 10 | AI score 7.9 | EPSS 0.99803
Exploits 14 | References 5
GithubExploit
added 2026/04/30 3:38 a.m. | 95 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-32432 Here's the updated README file, now including t...

CVSS 10 | AI score 10 | EPSS 0.99803
Exploits 14
Packet Storm
added 2025/11/26 12:0 a.m. | 156 views

📄 Craft CMS 5.0 Authentication Session Path Exposure

Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. Title : Craft CMS 5.0...

CVSS 10 | AI score 7.2 | EPSS 0.99803
Exploits 14
GithubExploit
added 2025/09/23 6:23 a.m. | 283 views

Exploit for Code Injection in Craftcms Craft_Cms

CraftCMS CVE-2025-32432 Vulnerability Exploitation Tool Set A...

CVSS 10 | AI score 7.7 | EPSS 0.99803
Exploits 14
CISA KEV Catalog
added 2025/06/02 12:0 a.m. | 13 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

CVSS 6.9 | AI score 7.5 | EPSS 0.01119
In wild | Exploits 0
The Hacker News
added 2025/05/28 11:0 a.m. | 39 views

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The...

CVSS 10 | AI score 10 | EPSS 0.99999
Exploits 485
CISA KEV Catalog
added 2025/05/02 12:0 a.m. | 77 views

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432...

CVSS 10 | AI score 7.6 | EPSS 0.99803
In wild | Exploits 15
GithubExploit
added 2025/04/27 8:50 a.m. | 1031 views

Exploit for Code Injection in Craftcms Craft_Cms

CraftCMS CVE-2025-32432 Exploit By Chirag Artani Overview...

CVSS 10 | AI score 9.6 | EPSS 0.99803
Exploits 14
Circl
added 2025/04/25 3:45 p.m. | 20 views

CVE-2025-32432

creationtimestamp | type | source
---|---|---
2025-04-25 15:45:50+00:00 | seen | https://bsky.app/profile/onyphe.io/post/3lnnkxcegak22
2025-04-25 16:48:14+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114399621496612469
2025-04-25 18:02:30+00:00 | seen | ...

CVSS 10 | AI score 7.5 | EPSS 0.99803
Exploits 14 | References 92
NVD
added 2025/04/25 3:15 p.m. | 87 views

CVE-2025-32432

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

CVSS 10 | EPSS 0.99803
Exploits 14 | References 7
OSV
added 2025/04/25 3:4 p.m. | 36 views

CVE-2025-32432 Craft CMS Allows Remote Code Execution

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity...

CVSS 10 | AI score 9.3 | EPSS 0.99803
Exploits 14 | References 9