top of page
perceptive_background_267k.jpg

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

Published:

20 maart 2026 om 00:00:00

Alert date:

24 maart 2026 om 09:16:39

Source:

cisa.gov

Click to open the original link from this advisory

Web Technologies

A critical code injection vulnerability has been identified in Craft CMS, tracked as CVE-2025-32432. This security flaw allows remote attackers to execute arbitrary code on affected systems. The vulnerability poses a high risk to organizations using Craft CMS installations. Security advisories have been published by the Craft CMS team and security researchers. The issue has been documented in multiple sources including GitHub security advisories and the National Vulnerability Database. Organizations using Craft CMS should immediately review the security advisories and apply available patches or mitigations.

Technical details

Mitigation steps:

Affected products:

Craft CMS

Related links:

https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
https://nvd.nist.gov/vuln/detail/CVE-2025-32432

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page