Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Critical vulnerability, actively exploited, Code Injection vulnerability in Craft CMS, Patch Immediately!
Image
Published : 28/04/2025
* Last update: 18/04/2025
* Affected software:: Craft CMS
* Type: Improper Control of Generation of Code ('Code Injection')
* CVE/CVSS
→ CVE-2025-32432: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)
Sources
CraftCMS https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
Orange Cyberdefense https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/
Risks
Craft CMS is a development tool that allows users—especially those without deep programming skills—to create websites.
On the 24 of April 2025, Craft CMS warned their users about a critical vulnerability (CVE-2025-32432) being actively exploited.
By exploiting this vulnerability, attackers can remotely execute code on the targeted webserver.
This vulnerability has a high impact on both Confidentiality and Integrity and a low impact on Availability.
The vulnerability is actively exploited, has a low-complexity and there are code examples available online for attackers to use.
Description
An unauthenticated attacker can, through sending specific requests to the “generate-transform” endpoint, execute PHP functions and download files on the server to be executed later.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
NIST NVD https://nvd.nist.gov/vuln/detail/CVE-2025-32432
Craft CMS Github https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3