WARNING: CRITICAL VULNERABILITY IN CRAFT CMS IS ACTIVELY EXPLOITED, PATCH IMMEDIATELY!

Published: 21/02/2025

Reference:
Advisory #2025-40

Version:
1.0

Affected software:
Craft CMS
• Versions 4.0.0-RC1 through 4.13.7
• Versions 5.0.0-RC1 through 5.5.4

Type:
Remote Code Execution, RCE

CVE/CVSS:
CVE-2025-23209: CVSS 8.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)

Sources

CraftCMS - https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x

Risks

CVE-2025-23209 is a critical remote code execution (RCE) vulnerability in Craft CMS versions 4 and 5. It is exploitable only when the installation's security key (the value of CRAFT_SECURITY_KEY) has already been compromised: an attacker who holds that key can execute arbitrary code within the Craft CMS environment. The root cause is improper control of code generation, which allows code injection.

Installations are at risk if they run an unpatched version and their security key has been compromised. The vulnerability is contingent on that prior compromise; without the key, the exploit cannot be carried out. It is currently not known how the security keys of the exploited installations were obtained, or in what context.

CISA has reported active exploitation of this vulnerability and has added it to its Known Exploited Vulnerabilities (KEV) catalog.

Description

CVE-2025-23209 is a critical vulnerability impacting Craft CMS versions 4 and 5. The project maintainers addressed it in late December 2024 in versions 4.13.8 and 5.5.8. The vulnerability is actively exploited in the wild.

Successful exploitation results in Remote Code Execution (RCE). However, exploitation requires that the installation's security key has already been compromised; how the keys were compromised is currently unknown. If you cannot update to a patched version, rotating the security key and keeping it confidential (out of version control, out of logs and backups that others can read) reduces the exposure, but is not a substitute for patching.

The vulnerability affects the following versions of Craft CMS:

  • Versions 4.0.0-RC1 through 4.13.7
  • Versions 5.0.0-RC1 through 5.5.4
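As an added illustration (not code from CCB or from the Craft CMS project), the following script checks whether the craftcms/cms version recorded in a project's composer.lock falls inside the two ranges listed above. The version ranges are taken verbatim from this advisory; the composer.lock content embedded in the script is a constructed sample, and the function and variable names are the author's own. Release-candidate versions are ordered before the corresponding final release so that the RC lower bounds compare correctly.

```python
"""Check an installed Craft CMS version against the CVE-2025-23209 ranges.

Added example, not CCB or Craft CMS code. SAMPLE_LOCK below is a constructed
composer.lock fragment; in practice point craft_version_from_lock() at the
real file (see __main__).
"""
import json
import re
import sys
from pathlib import Path

# Inclusive ranges exactly as listed in the advisory.
AFFECTED_RANGES = [
    ("4.0.0-RC1", "4.13.7"),
    ("5.0.0-RC1", "5.5.4"),
]

# Craft tags look like "5.5.3" or "5.0.0-RC1"; tolerate a "v" prefix and "rc".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(?:RC|rc)\.?(\d+))?$")


def parse_version(text: str) -> tuple:
    """Turn a Craft version string into a sortable tuple.

    The fourth element is 0 for a release candidate and 1 for a final
    release, so 5.0.0-RC1 -> (5, 0, 0, 0, 1) sorts before 5.0.0 -> (5, 0, 0, 1, 0).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Craft version string: {text!r}")
    major, minor, patch, rc = m.groups()
    if rc is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(rc))


def is_affected(version: str) -> bool:
    """True if `version` lies inside any advisory range (bounds inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def craft_version_from_lock(lock_text: str) -> str:
    """Return the installed craftcms/cms version from composer.lock JSON."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg["version"]
    raise LookupError("craftcms/cms not present in composer.lock")


# Constructed sample composer.lock fragment (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii2", "version": "2.0.49"},
        {"name": "craftcms/cms", "version": "5.5.3"},
    ]
})


def check_lock(lock_text: str) -> dict:
    """Summarise the installed version and whether it is in an affected range."""
    version = craft_version_from_lock(lock_text)
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # Usage: python check_craft.py [path/to/composer.lock]
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOCK
    result = check_lock(text)
    print(f"craftcms/cms {result['version']}: "
          f"{'AFFECTED - patch now' if result['affected'] else 'outside listed ranges'}")
```

If the script reports an affected version, update to 4.13.8 / 5.5.8 or later. Where that is not immediately possible, Craft's own console command `php craft setup/security-key` writes a freshly generated CRAFT_SECURITY_KEY to the project's .env file; note that rotating the key invalidates existing user sessions, and that a rotated key offers no protection if the file it lives in remains readable to whoever obtained the old one.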

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates (Craft CMS 4.13.8 / 5.5.8 or later) on vulnerable installations with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

WNE Security - https://wnesecurity.com/cve-2025-23209-craft-cms-code-injection-vulnerability/

TheHackerNews - https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html

CraftCMS - https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret