1. Home
  2. Vulnerabilities
  3. CVE-2025-32432
Known Exploited Vulnerability
10.0
CRITICAL CVSS 3.1
CVE-2025-32432
Craft CMS Code Injection Vulnerability - [Actively Exploited]
Overview
Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Details
INFO

Published Date :

April 25, 2025, 3:15 p.m.

Last Modified :

March 20, 2026, 7:14 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432

Impact
Affected Products

The following products are affected by CVE-2025-32432 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Craftcms craft_cms
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 CRITICAL [email protected]
Solution
Update Craft CMS to a patched version to remediate remote code execution.
  • Upgrade Craft CMS to version 3.9.15 or later.
  • Upgrade Craft CMS to version 4.14.15 or later.
  • Upgrade Craft CMS to version 5.6.17 or later.
Public PoC/Exploit Available at Github

CVE-2025-32432 has a 24 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-32432.

URL Resource
https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Release Notes Product
https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Product Release Notes
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Product Release Notes
https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 Patch
https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Vendor Advisory
https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ Exploit Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-32432 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-32432 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
friddiman14514/CVE_Tracker

Vulnerability tracking repository

Updated: 3 days, 2 hours ago
0 stars 0 fork 0 watcher
Born at : March 24, 2026, 5:26 a.m. This repo has been linked 5 different CVEs too.
Profile Photo
russo-sec/0day

None

Updated: 3 days, 15 hours ago
0 stars 0 fork 0 watcher
Born at : March 23, 2026, 4:17 p.m. This repo has been linked 12 different CVEs too.
Profile Photo
Acczdy/CVE-Vault

🤖 CVE POC Repository - Maintained by Acczdy Agent (Automated)

Python

Updated: 2 weeks ago
0 stars 0 fork 0 watcher
Born at : March 8, 2026, 4:59 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
lucacapacci/PoC-in-GitHub

Mirror of https://github.com/nomi-sec/PoC-in-GitHub

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 7, 2026, 10:02 a.m. This repo has been linked 789 different CVEs too.
Profile Photo
UserNombre/malware-project

None

Python Shell Makefile C

Updated: 3 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Nov. 18, 2025, 6:25 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
Bruter1/Acunetix

Acunetix v25.5.250613157 - 17 Jun 2025

Updated: 5 months, 3 weeks ago
5 stars 0 fork 0 watcher
Born at : Sept. 28, 2025, 9:05 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
bambooqj/CVE-2025-32432

AI修复生成的CVE-2025-32432的poc

Python

Updated: 6 months ago
2 stars 0 fork 0 watcher
Born at : Sept. 23, 2025, 6:23 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
B1ack4sh/Blackash-CVE-2025-32432

CVE-2025-32432

Python

Updated: 8 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 16, 2025, 9:23 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
CTY-Research-1/CVE-2025-32432-PoC

None

Python

Updated: 6 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : June 1, 2025, 3:19 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
apostolovd/PoCs

PoCs

Python JavaScript EJS

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : May 31, 2025, 7:18 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
PuddinCat/GithubRepoSpider

监控Github最新网络安全相关的仓库...

cve cybersecurity github spider

Shell Python Nix

Updated: 6 months ago
26 stars 5 fork 5 watcher
Born at : May 9, 2025, 2:29 p.m. This repo has been linked 36 different CVEs too.
Profile Photo
ibrahimsql/CVE-2025-32432

CVE-2025-32432 checker and exploit

Go

Updated: 10 months, 3 weeks ago
3 stars 1 fork 1 watcher
Born at : April 27, 2025, 1:30 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Sachinart/CVE-2025-32432

This repository contains a proof-of-concept exploit script for CVE-2025-32432, a pre-authentication Remote Code Execution (RCE) vulnerability affecting CraftCMS versions 4.x and 5.x. The vulnerability exists in the asset transform generation feature of CraftCMS.

Python

Updated: 8 months, 1 week ago
16 stars 3 fork 3 watcher
Born at : April 27, 2025, 8:50 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
Chocapikk/CVE-2025-32432

CraftCMS RCE Checker (CVE-2025-32432)

Go

Updated: 9 months, 2 weeks ago
9 stars 1 fork 1 watcher
Born at : April 26, 2025, 11:33 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
craftcms/security-patches

Provides security patches for out-of-date Craft CMS installs

PHP

Updated: 8 months, 3 weeks ago
25 stars 2 fork 2 watcher
Born at : April 11, 2025, 5:34 p.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-32432 vulnerability anywhere in the article.

  • Daily CyberSecurity
High-Severity JSON Schema Flaw Threatens MariaDB Database Stability

MariaDB, the widely used open-source relational database and community-developed fork of MySQL, has released critical updates to address a high-severity buffer overflow vulnerability. The flaw, tracke ... Read more

Published Date: Mar 24, 2026 (2 days, 18 hours ago)
  • Daily CyberSecurity
PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild

A critical security flaw in the Magento REST API is currently being weaponized by cybercriminals to hijack e-commerce stores globally. Researchers at Sansec have identified a vulnerability they’ve dub ... Read more

Published Date: Mar 24, 2026 (2 days, 19 hours ago)
  • Daily CyberSecurity
Checkmarx Alert: Malicious Plugins and GitHub Actions Hit OpenVSX in New Supply Chain Attack

Today, security firm Checkmarx has identified a recent supply chain security incident. The breach involved the publication of malicious versions of two popular security plugins to the OpenVSX registry ... Read more

Published Date: Mar 24, 2026 (2 days, 22 hours ago)
  • Daily CyberSecurity
Bridge or Backdoor? Critical 9.8 RCE Flaw Threatens Helmholz Industrial Networks

Industrial connectivity specialist Helmholz GmbH & Co. KG has issued an urgent security advisory regarding multiple vulnerabilities discovered in its myREX24V2 and myREX24V2.virtual remote access solu ... Read more

Published Date: Mar 24, 2026 (2 days, 23 hours ago)
  • Daily CyberSecurity
High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF

A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide server and client-side support for externalized configuration in distributed systems. The vu ... Read more

Published Date: Mar 24, 2026 (3 days, 2 hours ago)
  • Daily CyberSecurity
8 High-Severity Risks Fixed: Chrome Desktop Update Fixes Critical Memory and Buffer Flaws

In a significant move to bolster user safety, a new Chrome Stable Channel Update has been launched for desktop users. The update brings the browser version to 146.0.7680.164/165 for Windows and Mac, w ... Read more

Published Date: Mar 24, 2026 (3 days, 5 hours ago)
  • Daily CyberSecurity
Memory Leaks and Mixed Sessions: NetScaler’s Critical 9.3 CVSS Flaw Demands Immediate Action

On March 23, 2026, Cloud Software Group released a high-priority security bulletin addressing two vulnerabilities in NetScaler Gateway and NetScaler ADC. The flaws, which affect all physical and virtu ... Read more

Published Date: Mar 24, 2026 (3 days, 5 hours ago)
  • Daily CyberSecurity
Critical 9.1 CVSS Flaws Threaten Total Wazuh Cluster Takeover

Wazuh, the popular open-source security platform trusted by organizations to protect cloud and on-premises workloads, is facing a serious security challenge. Researchers have detailed two critical vul ... Read more

Published Date: Mar 24, 2026 (3 days, 7 hours ago)
  • Daily CyberSecurity
One Character to Rule Them All: How a Missing Slash Bypasses gRPC-Go Security (CVE-2026-33186)

A significant security flaw has been identified in gRPC-Go, the high-performance Go implementation of the gRPC framework. The vulnerability, tracked as CVE-2026-33186, carries a critical CVSS score of ... Read more

Published Date: Mar 23, 2026 (3 days, 17 hours ago)
  • Daily CyberSecurity
Roundcube Webmail Hits Critical Update: New Security Fixes Target Hidden Vulnerabilities

Roundcube Webmail has released a high-priority security update, version 1.6.14, aimed at patching several significant vulnerabilities that could put user data and server integrity at risk. This stable ... Read more

Published Date: Mar 23, 2026 (3 days, 19 hours ago)
  • CybersecurityNews
CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks

A critical vulnerability in Craft CMS (CVE-2025-32432) has been added to the Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. Security teams and system admi ... Read more

Published Date: Mar 23, 2026 (3 days, 20 hours ago)
  • Daily CyberSecurity
The Undocumented Backdoor: Critical 10.0 CVSS Flaw Hits WAGO Managed Switches

A severe vulnerability has been uncovered in several models of WAGO Managed Switches, potentially leaving industrial networks exposed to complete takeover. The flaw, tracked as CVE-2026-3587, has earn ... Read more

Published Date: Mar 23, 2026 (3 days, 23 hours ago)
  • Daily CyberSecurity
The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and March 23, a staggering 1,348 new vulnerabilities were identified and logged. While the shee ... Read more

Published Date: Mar 23, 2026 (4 days, 6 hours ago)
  • Daily CyberSecurity
Unmasking DarkSword: GTIG Exposes Full-Chain iOS Exploit Used by Global Spies

Timeline of DarkSword observations and vulnerability patches | Image: GTIG In a comprehensive technical disclosure, the Google Threat Intelligence Group (GTIG) has revealed the existence of a highly s ... Read more

Published Date: Mar 22, 2026 (4 days, 17 hours ago)
  • Daily CyberSecurity
Disconnect Immediately: Rockwell Automation Issues Urgent Warning for Industrial Controllers

In a proactive move aimed at securing critical infrastructure, Rockwell Automation has issued a high-priority “Important Notice” to its global customer base. The advisory comes as the company identifi ... Read more

Published Date: Mar 22, 2026 (4 days, 17 hours ago)
  • Daily CyberSecurity
Below the EDR: How Unsecured IP-KVM Switches Grant Total System Takeover

Image credit: https://jetkvm.com/products/jetkvm Security researchers Reynaldo Vasquez Garcia and Paul Asadoorian from Eclypsium have issued a warning regarding a category of hardware often overlooked ... Read more

Published Date: Mar 22, 2026 (4 days, 19 hours ago)
  • Daily CyberSecurity
Active Exploits: CISA Adds Critical Craft CMS and Apple ‘DarkSword’ Flaws to KEV

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five high-impact flaws that are currently being weaponized by threat ... Read more

Published Date: Mar 21, 2026 (5 days, 14 hours ago)
  • The Hacker News
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catal ... Read more

Published Date: Mar 21, 2026 (5 days, 23 hours ago)
  • TheCyberThrone
CISA adds Five Vulnerabilities to KEV Catalog- March 20, 2026

OverviewCISA added five vulnerabilities to its Known Exploited Vulnerabilities catalog on March 20, 2026, with a remediation due date of April 3, 2026 for all entries. The batch spans three Apple ecos ... Read more

Published Date: Mar 21, 2026 (6 days, 6 hours ago)
  • The Hacker News
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Oct 29, 2025Ravie LakshmananVulnerability / Internet of Things Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways ... Read more

Published Date: Oct 29, 2025 (4 months, 3 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-32432 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Mar. 20, 2026

    Action Type Old Value New Value
    Changed Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Broken Link GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Product, Release Notes
    Changed Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product, Release Notes
    Changed Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product, Release Notes
    Changed Reference Type GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Third Party Advisory GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Mar. 20, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32432
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Mar. 20, 2026

    Action Type Old Value New Value
    Added Date Added 2026-03-20
    Added Due Date 2026-04-03
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Craft CMS Code Injection Vulnerability
  • Initial Analysis by [email protected]

    Apr. 28, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Added CWE NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.9.15 *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (excluding) 4.14.15 *cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 5.6.17
    Added Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical Types: Broken Link
    Added Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical Types: Product
    Added Reference Type GitHub, Inc.: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical Types: Product
    Added Reference Type GitHub, Inc.: https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 Types: Patch
    Added Reference Type GitHub, Inc.: https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 Types: Third Party Advisory
    Added Reference Type CISA-ADP: https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ Types: Exploit, Press/Media Coverage
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 25, 2025

    Action Type Old Value New Value
    Added Reference https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/
  • New CVE Received by [email protected]

    Apr. 25, 2025

    Action Type Old Value New Value
    Added Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
    Added CWE CWE-94
    Added Reference https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical
    Added Reference https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical
    Added Reference https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical
    Added Reference https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47
    Added Reference https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 10
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact