Source: www.securityweek.com – Author: Eduard Kovacs
A vulnerability patched recently in the Craft content management system (CMS) is being exploited in attacks, according to the cybersecurity agency CISA.
The agency added the flaw, tracked as CVE-2025-23209, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, alongside a Palo Alto Networks firewall vulnerability that has been exploited in the wild.
The Craft CMS has a relatively small market share, but it’s still used by tens of thousands of websites. Netlas has reported seeing over 41,000 instances that are ‘probably’ affected by CVE-2025-23209.
The Craft vulnerability identified as CVE-2025-23209 was patched in mid-January with the release of versions 5.5.8 and 4.13.8. It has been described as a high-severity remote code execution vulnerability that affects Craft installations where the security key has already been compromised.
CISA has added the vulnerability to its KEV catalog and instructed federal agencies to address it by March 13, but there do not appear to be any public reports describing attacks that involve CVE-2025-23209.
On the other hand, a different Craft CMS vulnerability, one tracked as CVE-2024-56145 and which also allows remote code execution, has been confirmed to be exploited by Craft developers.
CVE-2024-56145 was patched in mid-November 2024 and Craft developers warned users about its active exploitation in December 2024. CVE-2024-56145 has yet to be added to CISA’s KEV catalog.
SecurityWeek has reached out to Craft developers for information on the attacks exploiting CVE-2025-23209 and will update this article if they respond.
Advertisement. Scroll to continue reading.
Related: New Windows Zero-Day Exploited by Chinese APT
Related: Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
Related: Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.
Learn best practices to plan, prepare, and recover from a ransomware incident.
Original Post URL: https://www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/
Category & Tags: Vulnerabilities,CISA KEV,Craft,exploited – Vulnerabilities,CISA KEV,Craft,exploited
Views: 2
