* Last update: 18/04/2025
* Affected software: Craft CMS
* Type: Improper Control of Generation of Code ('Code Injection')
* CVE/CVSS
→ CVE-2025-32432: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)
CraftCMS https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
Orange Cyberdefense https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/
Craft CMS is a development tool that allows users—especially those without deep programming skills—to create websites.
On 24 April 2025, Craft CMS warned its users about a critical vulnerability (CVE-2025-32432) being actively exploited.
By exploiting this vulnerability, attackers can remotely execute code on the targeted webserver.
This vulnerability has a high impact on both Confidentiality and Integrity and a low impact on Availability.
The vulnerability is actively exploited, has low attack complexity, and code examples are available online for attackers to use.
By sending crafted requests to the “generate-transform” endpoint, an unauthenticated attacker can execute PHP functions and download files onto the server for later execution.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
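As a starting point for the monitoring the CCB recommends above, and for checking whether a site was already hit before it was patched, the following Python script scans web-server access logs for requests to the “generate-transform” endpoint named in this advisory and summarizes them per source IP. This is an added example, not code from the CCB, Craft CMS or Orange Cyberdefense. It assumes the combined log format used by Apache and nginx by default, matches on the endpoint name only (the full route on your deployment may differ; the `actions/assets/generate-transform` path in the sample lines is an assumption), and the log lines themselves are constructed samples in the documentation IP range, not real traffic.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Combined log format (Apache/nginx default). The layout is an assumption;
# adjust the regex if your server logs a different format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The advisory names the "generate-transform" endpoint. The exact route varies
# per deployment, so match on that substring anywhere in the request target.
SUSPECT_ENDPOINT = "generate-transform"


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    target: str
    status: int


def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Hit(m["ip"], m["ts"], m["method"], m["target"], int(m["status"]))


def find_generate_transform_hits(lines):
    """Return every parsed request whose target mentions the suspect endpoint."""
    hits = []
    for line in lines:
        h = parse_line(line)
        if h and SUSPECT_ENDPOINT in h.target.lower():
            hits.append(h)
    return hits


def summarize(hits):
    """Per-source-IP request count and the set of HTTP methods used, for triage."""
    counts = Counter(h.ip for h in hits)
    methods = defaultdict(set)
    for h in hits:
        methods[h.ip].add(h.method)
    return {ip: {"count": n, "methods": sorted(methods[ip])} for ip, n in counts.items()}


# Constructed sample log lines (not real traffic); 203.0.113.0/24 is a documentation range.
# The request path is an assumed Craft CMS action route, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Apr/2025:10:01:02 +0200] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [24/Apr/2025:10:01:09 +0200] "POST /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 311
203.0.113.9 - - [24/Apr/2025:10:01:11 +0200] "GET /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 211
203.0.113.7 - - [24/Apr/2025:10:02:30 +0200] "GET /admin/login HTTP/1.1" 200 9876
this line is not in combined log format
""".splitlines()

if __name__ == "__main__":
    found = find_generate_transform_hits(SAMPLE_LOG)
    for ip, info in summarize(found).items():
        print(f"{ip}: {info['count']} request(s) to {SUSPECT_ENDPOINT} via {info['methods']}")
```

Craft CMS also uses this endpoint for legitimate image transforms, so a hit on its own is not proof of compromise; treat the per-IP summary as a triage list and look at request volume, unusual methods, unfamiliar source addresses and what the server did afterwards (new files in the web root, unexpected outbound connections) before concluding anything. Because the advisory notes that patching does not remediate historic compromise, run this over logs from before the update as well.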
NIST NVD https://nvd.nist.gov/vuln/detail/CVE-2025-32432
Craft CMS Github https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3