Cybersecuritynews
CISA Alerts on Active Exploitation of Craft CMS Code Injection Vulnerability
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CISA has added a critical vulnerability in Craft CMS, tracked as CVE-2025-32432, to its Known Exploited Vulnerabilities catalog due to confirmed active exploitation. This code injection flaw is categorized under CWE-94 and poses a significant risk to organizations using this content management system. Security teams are urged to implement mitigations immediately to prevent severe network compromises. The vulnerability was published on April 25, 2025, and added to the KEV on March 20, 2026. The first public proof of concept (PoC) was released shortly after the vulnerability's publication. Organizations are advised to prioritize patching and monitoring for potential attacks. The scope of impact includes all users of Craft CMS, which could lead to unauthorized access and data breaches if not addressed promptly.
Key Points: • CVE-2025-32432 is a critical code injection vulnerability in Craft CMS. • CISA added the vulnerability to its KEV catalog due to active exploitation. • Immediate mitigations are recommended to prevent severe network compromises.