AI description
CVE-2025-23209 is a code injection vulnerability found in Craft CMS versions 4 and 5. Exploitation of this vulnerability allows for remote code execution on affected systems. This vulnerability is only exploitable if an attacker has already compromised the user's security key. The vulnerability arises from inadequate control over code generation, which creates an opportunity for code injection attacks. Patches for this vulnerability are available in Craft CMS versions 5.5.8 and 4.13.8.
- Description
- Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Craft CMS Code Injection Vulnerability
- Exploit added on
- Feb 20, 2025
- Exploit action due
- Mar 13, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-94
- Hype score
- Not currently trending
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks #CISO https://t.co/drh4UHY5NM https://t.co/4bUnkW9pVq
@compuchris
7 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability CVE-2025-23209: over 140,000 applications affected by security flaw in Craft CMS 4 and 5 https://t.co/W0sE31kI8O #Cybersecurity # Cybersicherheit # IT-Security # IT-Sicherheit # Threat Hunting # Attack Surface Management https://t.co/lrKtUEuMCE
@presseticker
6 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Exploits in Craft CMS 🚨 A critical remote code execution flaw (CVE-2025-23209) in Craft CMS v4 & v5 is being exploited. Requires security key compromise. Patch by March 13, 2025 to stay protected. 🔗https://t.co/apFXLYenxa #CyberSecurity #CraftCMS… ht
@Osec__
6 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
5 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
4 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
3 Mar 2025
30 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
2 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
1 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
28 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
28 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has issued a warning that a vulnerability in Craft CMS is under active exploitation. CISA's KEV (Known Exploited Vulnerabilities) catalog has been expanded with the Craft CMS vulnerability tracked under the identifier CVE-2025-23209. According to the cybersecurity agency…
@linuxmint_hun
27 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
27 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
26 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
25 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has added CVE-2025-23209, a high-severity vulnerability in Craft CMS, to its Known Exploited Vulnerabilities catalog due to active exploitation. This code injection flaw allows remote code execution and affects Craft CMS versions 4 and 5. https://t.co/FPhkk48rjX
@securityRSS
24 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
24 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks https://t.co/yA2RF05Brd
@PVynckier
23 Feb 2025
109 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA FLAGS CRAFT CMS vulnerability CVE-2025-23209 In the midst of active attacks https://t.co/o6EIDUDW9W
@techonanet
23 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
23 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA Flags #Craft #CMS #Vulnerability CVE-2025-23209 Amid Active Attacks https://t.co/C6uQU3W3sY
@ScyScan
23 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ALERT: CVE-2025-23209 hits CraftCMS hard! 😱Remote code execution risk—your user security key may have been compromised. ZoomEye Dork👉app="Craft CMS" 24.1k+ vulnerable targets spotted! 🔍Check it: https://t.co/LVIuIgXLoz 📢Details: https://t.co/I7aLYMDVA6 #RCE… https://t
@zoomeye_team
22 Feb 2025
238 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
22 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-23209 Craft CMS Code Injection Vulnerability https://t.co/m5WClrHgLv
@ScyScan
22 Feb 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks CVE-2025-23209 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/HYKFpixHTK #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
22 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Craft content management system (CMS) CVE-2025-23209 (CVSS score: 8.1) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. https://t.co/Yb0ncpwBDI https:
@riskigy
22 Feb 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
22 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ CISA warns that a remote code execution vulnerability in versions 4 and 5 of the Craft CMS content management system (CVE-2025-23209) is being exploited in cyberattacks. 🧉 https://t.co/LNKhBBXfap
@MarquisioX
21 Feb 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Craft CMS Remote Code Execution Vulnerability 📅 Timeline: Disclosure: 2025-02-20, Patch: 2025-02-22 📌 Attribution: 🆔cveId: CVE-2025-23209 📊baseScore: 8.0 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity:
@syedaquib77
21 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of a serious code injection flaw (CVE-2025-23209) in Craft CMS versions 4 & 5, actively exploited by attackers with system keys. Users should update and regenerate keys. 🛡️🔒 #CraftCMS #CyberAlert #USA link: https://t.co/sfr4wMikBq https://t.co/YRfp2sy8IB
@TweetThreatNews
21 Feb 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-23209
@transilienceai
21 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA warns that the high-severity Craft CMS vulnerability (CVE-2025-23209) is being exploited in cyberattacks. 41,000 instances may be affected. Patch released for versions 5.5.8 & 4.13.8. ⚠️ #CraftCMS #Vulnerability #USA link: https://t.co/NNEih2Xl4v https://t.co/pt9NXcs7DB
@TweetThreatNews
21 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks https://t.co/UcV5zxdz3T https://t.co/CZ6UotiBB4
@talentxfactor
21 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks. A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure... https://t.co/re9GncYKzG #InceptusSecure #UnderOurProtection
@Inceptus3
21 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns of critical CVE-2025-23209 in Craft CMS impacting versions 4 & 5. This vulnerability allows remote code execution via compromised security keys. Update now! 🔒 #CraftCMS #US #Vulnerability link: https://t.co/ZcVXqDzL1J https://t.co/9NcWVrxAdM
@TweetThreatNews
21 Feb 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks https://t.co/uIdbGNfIfi
@itsecuritynewsl
21 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks https://t.co/VYi25BLEhl
@buzz_sec
21 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23209: Code Injection in CraftCMS, 8.1 rating❗️ CraftCMS contains a code injection vuln that allows for RCE as vulnerable versions have compromised security keys. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/U3tRfXYQ5P #cybersecurity #vulnerability_map htt
@Netlas_io
21 Feb 2025
40 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23209: Code Injection in CraftCMS, 8.1 rating❗️ CraftCMS contains a code injection vuln that allows for RCE as vulnerable versions have compromised security keys. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/U3tRfXYQ5P #cybersecurity #vulnerability_map htt
@Netlas_io
21 Feb 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack https://t.co/vlnHi1wVWs
@samilaiho
21 Feb 2025
493 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The CISA has flagged a critical vulnerability in Craft CMS, prompting urgent action. CVE-2025-23209 carries a high CVSS score of 8.1—indicating significant risk to any organization still using outdated versions. This code injection flaw opens the d... https://t.co/B1IATMANBL
@IT_news_for_all
21 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The CISA has flagged a critical vulnerability in Craft CMS, prompting urgent action. CVE-2025-23209 carries a high CVSS score of 8.1—indicating significant risk to any organization still using outdated versions. This code injection flaw opens the door to remote code execution,…
@TheHackersNews
21 Feb 2025
8599 Impressions
13 Retweets
29 Likes
3 Bookmarks
1 Reply
0 Quotes
CVE-2025-0111 & CVE-2025-23209: Palo Alto Firewalls and Craft CMS Under Active Attack CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild https://t.co/o9oS8ULQuM
@the_yellow_fall
21 Feb 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Craft CMS code injection vulnerability, CVE-2025-23209, & Palo Alto Networks PAN-OS file read vulnerability, CVE-2025-0111, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks
@CISACyber
20 Feb 2025
4257 Impressions
12 Retweets
21 Likes
1 Bookmark
0 Replies
2 Quotes
CVE-2025-23209 (CVSS:8.0, HIGH) is Awaiting Analysis. Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote ..https://t.co/ckrnCfhK4s #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
23 Jan 2025
6 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23209 Remote Code Execution Vulnerability in Craft CMS with Compromised Security Key https://t.co/GgoISpIhiu
@VulmonFeeds
18 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A969ACE2-4C09-452A-B9BD-113CA9A4FF30",
"versionEndExcluding": "4.13.8",
"versionStartExcluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DBFB276-7508-492E-ACBA-A229E869A831",
"versionEndExcluding": "5.5.8",
"versionStartExcluding": "5.0.0"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:4.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "610F6DE9-720F-45B3-81D5-18E7F6B090FD"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC2F40FC-7C27-456A-B16D-679410D1D5CF"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBAA8227-04F8-404C-907B-B0162B325F5A"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21B28E2C-327A-4CE6-ACAD-97E459712A55"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C7461CF-35AB-48E1-88B6-956DAE1D2AB4"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D8E02D1-601A-4E2B-B619-4775BFDB72D0"
}
],
"operator": "OR"
}
]
}
]