Saturday, February 22, 2025

CISA flags Craft CMS code injection flaw as exploited in assaults

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks.

The flaw is tracked as CVE-2025-23209 and is a high-severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5.

Craft CMS is a content management system (CMS) used for building websites and custom digital experiences.

Not many technical details about CVE-2025-23209 are available, but exploitation is not straightforward, as it requires the installation’s security key to have already been compromised.

In Craft CMS, the security key is a cryptographic key that secures user authentication tokens, session cookies, database values, and sensitive application data.

The CVE-2025-23209 vulnerability only becomes a problem if an attacker has already obtained this security key, which opens the way to decrypting sensitive data, generating fake authentication tokens, or injecting and executing malicious code remotely.

CISA has added the flaw to KEV without sharing any details about the scope and origin of the attacks or who the targets are.

Federal agencies have until March 13, 2025, to patch the Craft CMS flaw.

The flaw has been patched in Craft versions 5.5.8 and 4.13.8, so users are recommended to upgrade to those releases or later as soon as possible.

If you suspect compromise, it is strongly recommended that you delete old keys contained in ‘.env’ files and generate new ones using the php craft setup/security-key command. Note that key changes render any data encrypted with a previous key inaccessible.

Along with CVE-2025-23209, CISA also added a vulnerability in Palo Alto Networks firewalls (CVE-2025-0111) to the Known Exploited Vulnerabilities catalog, setting the same deadline of March 13.

This is a file read vulnerability impacting PAN-OS firewalls, which the vendor disclosed is exploited by hackers as part of an exploit chain with CVE-2025-0108 and CVE-2024-9474.

For the PAN-OS versions that address this flaw, impacted users can check Palo Alto Networks’ security bulletin.
