CVE Alert: CVE-2025-23209
Vulnerability Summary: CVE-2025-23209
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.
Affected Endpoints:
No affected endpoints listed.
Published Date:
1/18/2025, 1:15:07 AM
🔥 CVSS Score:
Exploit Status:
Not ExploitedEPS Score: 0.00045 | Ranking EPS: 0.17681
References:
- https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret
- https://github.com/craftcms/cms/commit/e59e22b30c9dd39e5e2c7fe02c147bcbd004e603
- https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
