Warning: Critical vulnerability, actively exploited, Code Injection vulnerability in Craft CMS, Patch Immediately!

Published: 28/04/2025

 

    * Last update:  18/04/2025
   
    * Affected software: Craft CMS
 
    * Type: Improper Control of Generation of Code ('Code Injection')
 
    * CVE/CVSS
        → CVE-2025-32432: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)
 

 

Sources

 
CraftCMS https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
Orange Cyberdefense https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/
 

Risks

Craft CMS is a content management system used to build websites, including by users without deep programming skills.

On 24 April 2025, Craft CMS warned its users about a critical vulnerability (CVE-2025-32432) that is being actively exploited.

By exploiting this vulnerability, an attacker can remotely execute code on the targeted web server.

This vulnerability has a high impact on both Confidentiality and Integrity and a low impact on Availability.

The vulnerability is actively exploited, is of low attack complexity, and proof-of-concept code is available online for attackers to use.
 

Description

An unauthenticated attacker can, by sending crafted requests to the “generate-transform” endpoint, execute PHP functions and download files onto the server to be executed later.
 

Recommended Actions

 
Patch  
The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable installations with the highest priority, after thorough testing.
 
Monitor/Detect  
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, so that an intrusion can be responded to swiftly.
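As an added example, not part of this advisory or of Craft CMS itself, the script below shows one way to triage web-server access logs for the activity the advisory describes: requests hitting the “generate-transform” endpoint, followed by the same client requesting a PHP file other than the normal front controller (the “downloaded and executed later” stage). The log lines are constructed, the `/index.php` front-controller path and the `.php` follow-up heuristic are assumptions, and the match is on the endpoint name only; the exact request shape used in the wild is not reproduced here.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Endpoint name taken from the advisory; matched as a substring of the request target.
ENDPOINT_MARKER = "generate-transform"
# Assumption: Craft's normal entry point, so a request to it is not suspicious on its own.
FRONT_CONTROLLERS = {"/index.php"}

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [25/Apr/2025:10:01:02 +0000] "GET /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [25/Apr/2025:10:01:05 +0000] "POST /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [25/Apr/2025:10:01:09 +0000] "GET /uploads/x.php HTTP/1.1" 200 128 "-" "python-requests/2.31"
198.51.100.7 - - [25/Apr/2025:10:02:00 +0000] "GET /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.5 - - [25/Apr/2025:10:03:00 +0000] "GET /blog/hello-world HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.5 - - [25/Apr/2025:10:03:01 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["target"].split("?", 1)[0]  # path without query string
    return rec


def detect(log_text: str) -> Dict[str, List[dict]]:
    """Return endpoint hits and, per client, later requests to non-standard PHP files."""
    endpoint_hits: List[dict] = []
    followups: List[dict] = []
    seen_ips = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if ENDPOINT_MARKER in rec["target"].lower():
            endpoint_hits.append(rec)
            seen_ips.add(rec["ip"])
            continue
        # Heuristic (assumption, not from the advisory): a later request from a
        # client that already hit the endpoint, to a PHP file other than the
        # front controller, may be the execution of a dropped file.
        if (rec["ip"] in seen_ips
                and rec["path"].lower().endswith(".php")
                and rec["path"] not in FRONT_CONTROLLERS):
            followups.append(rec)
    return {"endpoint_hits": endpoint_hits, "followup_candidates": followups}


def summarize(findings: Dict[str, List[dict]]) -> Dict[str, Dict[str, int]]:
    """Count findings per source IP so the noisiest clients surface first."""
    per_ip: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"endpoint_hits": 0, "followup_candidates": 0})
    for kind, records in findings.items():
        for rec in records:
            per_ip[rec["ip"]][kind] += 1
    return dict(per_ip)


if __name__ == "__main__":
    for ip, counts in summarize(detect(SAMPLE_LOG)).items():
        print(ip, counts)
```

Treat hits as leads rather than verdicts: the endpoint also serves legitimate requests, so volume, unusual user agents, POST requests from clients that never loaded a page, and a subsequent request to a PHP file that did not exist before are what separate exploitation from normal traffic. Correlate with file-system changes and web-server process activity from the same time window.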
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

Updating appliances or software to the newest version protects against future exploitation, but it does not remediate an earlier compromise: a system that was exploited before it was patched must still be investigated and cleaned.
 
 

References

 
NIST NVD https://nvd.nist.gov/vuln/detail/CVE-2025-32432
Craft CMS Github https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3