The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks.
The flaw is tracked as CVE-2025-23209 and is a high-severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5.
Craft CMS is a content management system (CMS) used for building websites and custom digital experiences.
Not many technical details about CVE-2025-23209 are available, but exploitation is not straightforward, as it requires the installation's security key to have already been compromised.
In Craft CMS, the security key is a cryptographic key that secures user authentication tokens, session cookies, database values, and sensitive application data.
The CVE-2025-23209 vulnerability only becomes an issue if an attacker has already obtained this security key, which opens the way to decrypt sensitive data, generate fake authentication tokens, or inject and execute malicious code remotely.
CISA has added the flaw to KEV without sharing any details about the scope and origin of the attacks or who the targets are.
Federal agencies have until March 13, 2025, to patch the Craft CMS flaw.
The flaw has been patched in Craft versions 5.5.8 and 4.13.8, so users are recommended to upgrade to those releases or later as soon as possible.
If you suspect compromise, it is strongly recommended that you delete old keys contained in '.env' files and generate new ones using the php craft setup/security-key
command. Note that key changes render any data encrypted with a prior key inaccessible.
Along with CVE-2025-23209, CISA also added a vulnerability in Palo Alto Networks firewalls (CVE-2025-0111) to the Known Exploited Vulnerabilities catalog, setting the same deadline of March 13.
This is a file read vulnerability impacting PAN-OS firewalls, which the vendor disclosed is exploited by hackers as part of an exploit chain with CVE-2025-0108 and CVE-2024-9474.
For the PAN-OS versions that address this flaw, impacted users can check Palo Alto Networks' security bulletin.