CISA Alerts on Active Exploitation of Craft CMS Code Injection Vulnerability

CISA Alerts on Active Exploitation of Craft CMS Code Injection Vulnerability

First seen 23 Mar 2026, 12:36 UTC GbhackersCybersecuritynewsSecurityaffairs.CoFeeds2.FeedburnerScworld+3 83% similarity 72.9

Article Content

Browse articles
ThreatCluster

CISA has added a critical vulnerability in Craft CMS, tracked as CVE-2025-32432, to its Known Exploited Vulnerabilities catalog due to confirmed active exploitation. This code injection flaw is categorized under CWE-94 and poses a significant risk to organizations using this content management system. Security teams are urged to implement mitigations immediately to prevent severe network compromises. The vulnerability was published on April 25, 2025, and added to the KEV on March 20, 2026. The first public proof of concept (PoC) was released shortly after the vulnerability's publication. Organizations are advised to prioritize patching and monitoring for potential attacks. The scope of impact includes all users of Craft CMS, which could lead to unauthorized access and data breaches if not addressed promptly.

Key Points: • CVE-2025-32432 is a critical code injection vulnerability in Craft CMS. • CISA added the vulnerability to its KEV catalog due to active exploitation. • Immediate mitigations are recommended to prevent severe network compromises.

ThreatCluster AI

Timeline

2025-04-25
CVE-2025-32432 published
2025-04-27
First public PoC released
2026-03-20
CVE-2025-32432 added to CISA KEV catalog
2026-03-23
CISA issues warning about active exploitation

Community

Browse all →