CVE-2025-32432

Name of the Vulnerable Software and Affected Versions Craft CMS versions 3.0.0-RC1 through 3.9.14 Craft CMS versions 4.0.0-RC1 through 4.14.14 Craft CMS versions 5.0.0-RC1 through 5.6.16

Description The issue is related to a remote code execution vulnerability in Craft CMS, which allows unauthenticated attackers to execute arbitrary code on the server. This vulnerability has been exploited in the wild, with approximately 13,000 vulnerable instances and around 300 already compromised. The attackers are using this vulnerability to deploy cryptominers and proxyware, allowing them to generate revenue through cryptocurrency mining and proxy services. The vulnerability is considered high-impact and low-complexity, making it easily exploitable.

Recommendations Update to Craft CMS version 3.9.15 or later Update to Craft CMS version 4.14.15 or later Update to Craft CMS version 5.6.17 or later As a temporary workaround, consider disabling any unnecessary plugins or modules to minimize the risk of exploitation.