PT-2025-4848 · Craft · Craft

Angrybrad · Published 2025-01-18 · Updated 2025-08-09 · CVE-2025-23209

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Craft CMS versions prior to 4.13.8
Craft CMS versions prior to 5.5.8

Description
This is a remote code execution (RCE) vulnerability affecting Craft CMS versions 4 and 5; it applies specifically to installations whose security key has been compromised. It allows an attacker to execute arbitrary code on the affected system, potentially leading to unauthorized access and data breaches. According to CISA, the vulnerability is being actively exploited in cyberattacks, with approximately 41,000 instances potentially affected.

Recommendations
Update to Craft CMS version 4.13.8 or later.
Update to Craft CMS version 5.5.8 or later.
If updating is not possible, rotate the security key and keep it private to help mitigate the issue.
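As an added defender-side check (not part of this advisory or of Craft's own tooling), the script below reads the installed Craft CMS version from a composer.lock file and reports whether it falls below the fixed releases listed above (4.13.8 and 5.5.8). It assumes Craft is installed as the Composer package craftcms/cms; the lock fragment is constructed for the demonstration.

```python
import json
from typing import Optional, Tuple

# First fixed release per major line, from the advisory above.
# Fourth component: 1 = final release, 0 = pre-release (sorts below the final).
FIXED_VERSIONS = {4: (4, 13, 8, 1), 5: (5, 5, 8, 1)}


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '4.13.7', 'v5.5' or '5.5.8-beta.1' into a comparable tuple."""
    core, _, suffix = version.strip().lstrip("v").partition("-")
    core = core.split("+", 1)[0]  # drop build metadata
    nums = [int(p) for p in core.split(".")[:3] if p.isdigit()]
    while len(nums) < 3:  # pad so '4.13' compares like '4.13.0'
        nums.append(0)
    return (nums[0], nums[1], nums[2], 0 if suffix else 1)


def is_vulnerable(version: str) -> bool:
    """True when the version is on a major line named by the advisory and
    is older than that line's fixed release. Versions outside 4.x/5.x are not
    covered by this advisory, so the check returns False for them."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    return fixed is not None and v < fixed


def craft_version_from_lock(lock_json: str) -> Optional[str]:
    """Return the craftcms/cms version pinned in composer.lock text, or None."""
    data = json.loads(lock_json)
    for pkg in data.get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None


# Constructed composer.lock fragment (not taken from a real project).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "yiisoft/yii2", "version": "2.0.49"},
    {"name": "craftcms/cms", "version": "5.5.7"},
]})

if __name__ == "__main__":
    ver = craft_version_from_lock(SAMPLE_LOCK)
    status = "below fixed release" if ver and is_vulnerable(ver) else "at or above fix / not covered"
    print(f"craftcms/cms {ver}: {status}")
```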

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-23209
GHSA-2VCF-QXV3-2MGW
GHSA-X684-96HH-833X

Affected Products

Craft