CISA: Active exploitation of Craft CMS flaw underway

Ongoing attacks leveraging the recently patched high-severity code injection flaw in the Craft content management system, tracked as CVE-2025-23209, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security issue by March 13, The Hacker News reports.

The bug affects several Craft CMS 4 and 5 versions whose user security keys have already been compromised, and threat actors could abuse it to achieve remote code execution, according to an advisory from CISA. Meanwhile, Craft urged organizations with vulnerable instances that could not apply the updated software to rotate their security keys and implement additional privacy measures to avert potential compromise.
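Since a compromised security key is the precondition the advisory describes, the interim mitigation above amounts to replacing that key in the site's `.env` file. The script below is an added example, not code from SC Media, CISA or the Craft project: it flags a key that is empty, a placeholder or too short, generates a fresh 32-character random key, rotates the `CRAFT_SECURITY_KEY` entry (that variable name, the 32-character length and the placeholder list are assumptions about a typical Craft 4/5 install) and keeps a backup of the old file. Craft's own CLI has a `setup/security-key` command for the same job; this version shows what the rotation does to the file and is useful where you want to audit many installs for weak keys first.

```python
import os
import re
import secrets
import string
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Assumption: Craft 4/5 projects read the key from this .env variable.
KEY_NAME = "CRAFT_SECURITY_KEY"
MIN_KEY_LENGTH = 32  # assumption: length of the key Craft itself generates
# Constructed list of values that should never be accepted as a real key.
PLACEHOLDERS = {"", "changeme", "your_security_key", "secret", "password"}

# Matches "CRAFT_SECURITY_KEY = value" on its own line; [ \t] avoids eating newlines.
_KEY_LINE = re.compile(
    r"^(?P<prefix>[ \t]*" + KEY_NAME + r"[ \t]*=[ \t]*)(?P<value>.*?)[ \t]*$",
    re.MULTILINE,
)

# Constructed sample .env used by demo(); the key value is deliberately weak.
SAMPLE_ENV = "APP_ID=CraftCMS\nCRAFT_SECURITY_KEY=changeme\nDB_DRIVER=mysql\n"


def generate_security_key(length: int = MIN_KEY_LENGTH) -> str:
    """Return a CSPRNG-backed alphanumeric key (no quoting needed in .env)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _unquote(value: str) -> str:
    """Strip one layer of matching single or double quotes, if present."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def current_key(env_text: str) -> Optional[str]:
    """Return the configured key, or None when the variable is missing."""
    match = _KEY_LINE.search(env_text)
    return _unquote(match.group("value")) if match else None


def key_looks_weak(key: Optional[str]) -> bool:
    """Heuristic audit: missing, placeholder, short, or drawn from a tiny alphabet."""
    if key is None:
        return True
    if key.strip().lower() in PLACEHOLDERS:
        return True
    if len(key) < MIN_KEY_LENGTH:
        return True
    return len(set(key)) < 8  # e.g. "aaaa..." padded out to the right length


def rotate_key(env_text: str, new_key: str) -> Tuple[str, Optional[str]]:
    """Replace (or append) the key line; return (updated_text, old_key)."""
    old = current_key(env_text)
    if old is None:
        sep = "" if env_text == "" or env_text.endswith("\n") else "\n"
        return env_text + sep + f"{KEY_NAME}={new_key}\n", None
    updated = _KEY_LINE.sub(lambda m: m.group("prefix") + new_key, env_text, count=1)
    return updated, old


def rotate_env_file(path: Path) -> Tuple[Optional[str], str]:
    """Rotate the key in a .env file on disk, keeping a .bak copy of the original."""
    text = path.read_text(encoding="utf-8")
    new_key = generate_security_key()
    updated, old = rotate_key(text, new_key)
    backup = path.with_name(path.name + ".bak")
    backup.write_text(text, encoding="utf-8")
    path.write_text(updated, encoding="utf-8")
    for p in (path, backup):  # both files now hold secrets; owner-only on POSIX
        os.chmod(p, 0o600)
    return old, new_key


def demo() -> Tuple[Optional[str], str, bool]:
    """Run the rotation against the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = Path(tmp) / ".env"
        env_path.write_text(SAMPLE_ENV, encoding="utf-8")
        old, new_key = rotate_env_file(env_path)
        backup_intact = (Path(tmp) / ".env.bak").read_text(encoding="utf-8") == SAMPLE_ENV
        rotated = current_key(env_path.read_text(encoding="utf-8")) == new_key
        return old, new_key, backup_intact and rotated


if __name__ == "__main__":
    old, new_key, ok = demo()
    print(f"old key weak: {key_looks_weak(old)}, rotated cleanly: {ok}")
```

Expect anything signed or encrypted with the old key (session cookies, for instance) to stop validating after the rotation, so schedule it like any other credential change; the backup file exists only so the previous key can be recovered for data migration and should be deleted once it is no longer needed.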

The development comes more than two months after the firm disclosed that another Craft CMS vulnerability, tracked as CVE-2024-56145, had been targeted in active attacks that could lead to RCE. CISA has yet to add that issue to its KEV catalog.
