CVE-2025-32432
Craft CMS Code Injection Vulnerability - [Actively Exploited]
Description
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
INFO
Published Date: April 25, 2025, 3:15 p.m.
Last Modified: March 20, 2026, 7:14 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Vulnerability Description: Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
Notes:
- https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
- https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
- https://nvd.nist.gov/vuln/detail/CVE-2025-32432
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | CRITICAL | | | | [email protected] |
| | CVSS 3.1 | CRITICAL | | | | [email protected] |
Solution
- Upgrade Craft CMS to version 3.9.15 or later.
- Upgrade Craft CMS to version 4.14.15 or later.
- Upgrade Craft CMS to version 5.6.17 or later.
Public PoC/Exploit Available at Github
CVE-2025-32432 has 24 public PoCs/exploits available on GitHub; the list of repositories appears below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-32432.
| URL | Resource |
|---|---|
| https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical | Product Release Notes |
| https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical | Product Release Notes |
| https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical | Product Release Notes |
| https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 | Patch |
| https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 | Vendor Advisory |
| https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ | Exploit, Press/Media Coverage |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-32432 is associated with the following CWEs:
- CWE-94: Improper Control of Generation of Code ('Code Injection'), as assigned by the CNA (NVD's own analysis recorded NVD-CWE-noinfo; see the change history below).
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-32432 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated). Repository names were not captured; each entry gives the repository description and, where available, its languages.
- Vulnerability tracking repository
- (no description)
- 🤖 CVE POC Repository - Maintained by Acczdy Agent (Automated). Languages: Python
- Mirror of https://github.com/nomi-sec/PoC-in-GitHub
- (no description). Languages: Python, Shell, Makefile, C
- Acunetix v25.5.250613157 - 17 Jun 2025
- AI-repaired and AI-generated PoC for CVE-2025-32432. Languages: Python
- CVE-2025-32432. Languages: Python
- (no description). Languages: Python
- PoCs. Languages: Python, JavaScript, EJS
- Monitors the latest cybersecurity-related repositories on GitHub... Topics: cve, cybersecurity, github, spider. Languages: Shell, Python, Nix
- CVE-2025-32432 checker and exploit. Languages: Go
- This repository contains a proof-of-concept exploit script for CVE-2025-32432, a pre-authentication Remote Code Execution (RCE) vulnerability affecting CraftCMS versions 4.x and 5.x. The vulnerability exists in the asset transform generation feature of CraftCMS. Languages: Python
- CraftCMS RCE Checker (CVE-2025-32432). Languages: Go
- Provides security patches for out-of-date Craft CMS installs. Languages: PHP
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-32432 vulnerability anywhere in the article.
- Daily CyberSecurity: High-Severity JSON Schema Flaw Threatens MariaDB Database Stability. MariaDB, the widely used open-source relational database and community-developed fork of MySQL, has released critical updates to address a high-severity buffer overflow vulnerability. The flaw, tracke...
- Daily CyberSecurity: PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild. A critical security flaw in the Magento REST API is currently being weaponized by cybercriminals to hijack e-commerce stores globally. Researchers at Sansec have identified a vulnerability they’ve dub...
- Daily CyberSecurity: Checkmarx Alert: Malicious Plugins and GitHub Actions Hit OpenVSX in New Supply Chain Attack. Today, security firm Checkmarx has identified a recent supply chain security incident. The breach involved the publication of malicious versions of two popular security plugins to the OpenVSX registry...
- Daily CyberSecurity: Bridge or Backdoor? Critical 9.8 RCE Flaw Threatens Helmholz Industrial Networks. Industrial connectivity specialist Helmholz GmbH & Co. KG has issued an urgent security advisory regarding multiple vulnerabilities discovered in its myREX24V2 and myREX24V2.virtual remote access solu...
- Daily CyberSecurity: High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF. A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide server and client-side support for externalized configuration in distributed systems. The vu...
- Daily CyberSecurity: 8 High-Severity Risks Fixed: Chrome Desktop Update Fixes Critical Memory and Buffer Flaws. In a significant move to bolster user safety, a new Chrome Stable Channel Update has been launched for desktop users. The update brings the browser version to 146.0.7680.164/165 for Windows and Mac, w...
- Daily CyberSecurity: Memory Leaks and Mixed Sessions: NetScaler’s Critical 9.3 CVSS Flaw Demands Immediate Action. On March 23, 2026, Cloud Software Group released a high-priority security bulletin addressing two vulnerabilities in NetScaler Gateway and NetScaler ADC. The flaws, which affect all physical and virtu...
- Daily CyberSecurity: Critical 9.1 CVSS Flaws Threaten Total Wazuh Cluster Takeover. Wazuh, the popular open-source security platform trusted by organizations to protect cloud and on-premises workloads, is facing a serious security challenge. Researchers have detailed two critical vul...
- Daily CyberSecurity: One Character to Rule Them All: How a Missing Slash Bypasses gRPC-Go Security (CVE-2026-33186). A significant security flaw has been identified in gRPC-Go, the high-performance Go implementation of the gRPC framework. The vulnerability, tracked as CVE-2026-33186, carries a critical CVSS score of...
- Daily CyberSecurity: Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities. Roundcube Webmail has released a high-priority security update, version 1.6.14, aimed at patching several significant vulnerabilities that could put user data and server integrity at risk. This stable...
- CybersecurityNews: CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks. A critical vulnerability in Craft CMS (CVE-2025-32432) has been added to the Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. Security teams and system admi...
- Daily CyberSecurity: The Undocumented Backdoor: Critical 10.0 CVSS Flaw Hits WAGO Managed Switches. A severe vulnerability has been uncovered in several models of WAGO Managed Switches, potentially leaving industrial networks exposed to complete takeover. The flaw, tracked as CVE-2026-3587, has earn...
- Daily CyberSecurity: The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled. The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and March 23, a staggering 1,348 new vulnerabilities were identified and logged. While the shee...
- Daily CyberSecurity: Unmasking DarkSword: GTIG Exposes Full-Chain iOS Exploit Used by Global Spies. Timeline of DarkSword observations and vulnerability patches | Image: GTIG. In a comprehensive technical disclosure, the Google Threat Intelligence Group (GTIG) has revealed the existence of a highly s...
- Daily CyberSecurity: Disconnect Immediately: Rockwell Automation Issues Urgent Warning for Industrial Controllers. In a proactive move aimed at securing critical infrastructure, Rockwell Automation has issued a high-priority “Important Notice” to its global customer base. The advisory comes as the company identifi...
- Daily CyberSecurity: Below the EDR: How Unsecured IP-KVM Switches Grant Total System Takeover. Image credit: https://jetkvm.com/products/jetkvm. Security researchers Reynaldo Vasquez Garcia and Paul Asadoorian from Eclypsium have issued a warning regarding a category of hardware often overlooked...
- Daily CyberSecurity: Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV. The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five high-impact flaws that are currently being weaponized by threat...
- The Hacker News: CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catal...
- TheCyberThrone: CISA adds Five Vulnerabilities to KEV Catalog - March 20, 2026. Overview: CISA added five vulnerabilities to its Known Exploited Vulnerabilities catalog on March 20, 2026, with a remediation due date of April 3, 2026 for all entries. The batch spans three Apple ecos...
- The Hacker News: Experts Report Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices. Oct 29, 2025, Ravie Lakshmanan, Vulnerability / Internet of Things. Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways...
The following table lists the changes that have been made to the CVE-2025-32432 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Modified Analysis by [email protected] (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Reference Type | GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Broken Link | GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Product, Release Notes |
| Changed | Reference Type | GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product | GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product, Release Notes |
| Changed | Reference Type | GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product | GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product, Release Notes |
| Changed | Reference Type | GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Third Party Advisory | GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Vendor Advisory |
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432 Types: US Government Resource |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432 |

CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725 (Mar. 20, 2026)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Date Added | | 2026-03-20 |
| Added | Due Date | | 2026-04-03 |
| Added | Required Action | | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Added | Vulnerability Name | | Craft CMS Code Injection Vulnerability |

Initial Analysis by [email protected] (Apr. 28, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Added | CWE | | NVD-CWE-noinfo |
| Added | CPE Configuration | | OR *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.9.15; *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (excluding) 4.14.15; *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 5.6.17 |
| Added | Reference Type | | GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Broken Link |
| Added | Reference Type | | GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product |
| Added | Reference Type | | GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product |
| Added | Reference Type | | GitHub, Inc.: https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 Types: Patch |
| Added | Reference Type | | GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Third Party Advisory |
| Added | Reference Type | | CISA-ADP: https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ Types: Exploit, Press/Media Coverage |

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Apr. 25, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ |

New CVE Received by [email protected] (Apr. 25, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L |
| Added | CWE | | CWE-94 |
| Added | Reference | | https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical |
| Added | Reference | | https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical |
| Added | Reference | | https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical |
| Added | Reference | | https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 |
| Added | Reference | | https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 |