PT-2025-17927 · Craft

Nicolas Bourras +2
Published 2025-04-25 · Updated 2025-07-24

CVE-2025-32432
CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Craft CMS versions 3.0.0-RC1 through 3.9.14

Craft CMS versions 4.0.0-RC1 through 4.14.14

Craft CMS versions 5.0.0-RC1 through 5.6.16

Description:

This advisory concerns a remote code execution vulnerability in Craft CMS that allows unauthenticated attackers to execute arbitrary code on the server. The vulnerability has been exploited in the wild: approximately 13,000 instances are vulnerable and around 300 have already been compromised. Attackers are using it to deploy cryptominers and proxyware, generating revenue through cryptocurrency mining and proxy services. Because the vulnerability is high-impact and low-complexity, it is easy to exploit.

Recommendations:

Update to Craft CMS version 3.9.15 or later

Update to Craft CMS version 4.14.15 or later

Update to Craft CMS version 5.6.17 or later

As a temporary workaround, consider disabling any unnecessary plugins or modules to minimize the risk of exploitation.
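The affected ranges above start at release candidates (for example 3.0.0-RC1), so a naive numeric comparison of version strings will misclassify RC builds. The following Python script is an added example written for this advisory, not code from Craft CMS or from the advisory's authors; it parses Craft CMS version strings with pre-release ordering, checks each one against the three affected ranges listed above, and reports the first fixed release to move to. The inventory hostnames and versions are constructed sample data.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges and the first fixed release per branch, taken from this advisory.
AFFECTED_RANGES = [
    ("3.0.0-RC1", "3.9.14", "3.9.15"),
    ("4.0.0-RC1", "4.14.14", "4.14.15"),
    ("5.0.0-RC1", "5.6.16", "5.6.17"),
]

# MAJOR.MINOR.PATCH with an optional "-TAGn" / "-TAG.n" pre-release suffix (e.g. 3.0.0-RC1).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d*))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Parse a Craft CMS version string into a sortable tuple.

    A pre-release such as 3.0.0-RC1 must sort *before* the final 3.0.0, so the
    fourth element is 0 for pre-releases and 1 for final releases; the fifth
    element orders pre-releases of the same version (RC1 < RC2).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(num or 0))


def assess_version(text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_version) for one installed version."""
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return True, fixed
    return False, None


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY: Dict[str, str] = {
    "web-01.example.test": "4.14.14",
    "web-02.example.test": "4.14.15",
    "legacy.example.test": "3.0.0-RC1",
    "staging.example.test": "5.7.0",
}


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Return {host: first_fixed_version} for every host running an affected build."""
    findings = {}
    for host, version in inventory.items():
        affected, fixed = assess_version(version)
        if affected:
            findings[host] = fixed
    return findings


if __name__ == "__main__":
    for host, fixed in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to Craft CMS {fixed} or later")
```

Feed `audit()` a mapping of host to the version reported by each Craft CMS installation to get a list of hosts that still need the upgrade; anything outside the three ranges (including the fixed releases themselves) is reported as not affected by this advisory.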

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06516
CVE-2025-32432
GHSA-F3GW-9WW9-JMC3

Affected Products

Craft