Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-32432

CRITICAL
Published 2025-04-25T15:04:06.272Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-32432. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.839
probability
of exploitation in the wild

There is a 83.9% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.992
Higher than 99.2% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
LOW

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

craftcms

cms

Affected Versions:

>= 3.0.0-RC1, < 3.9.15 >= 4.0.0-RC1, < 4.14.15 >= 5.0.0-RC1, < 5.6.17

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Craft CMS Allows Remote Code Execution

GHSA-f3gw-9ww9-jmc3

Advisory Details

### Impact This is an additional fix for https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g This is a high-impact, low-complexity attack vector. To mitigate the issue, users running Craft installations before the fixed versions are encouraged to update to at least that version. ### Details https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ### References https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47 https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms/ ### Credits Credit to [Orange Cyberdefense](https://github.com/Orange-Cyberdefense) for discovering a reporting this bug.

Affected Packages

Packagist craftcms/cms
ECOSYSTEM: ≥3.0.0-RC1 <3.9.15
Packagist craftcms/cms
ECOSYSTEM: ≥4.0.0-RC1 <4.14.15
Packagist craftcms/cms
ECOSYSTEM: ≥5.0.0-RC1 <5.6.17

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

References

WEB https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g
WEB https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-32432
WEB https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47
WEB https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432
PACKAGE https://github.com/craftcms/cms
WEB https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical
WEB https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical
WEB https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical
WEB https://sensepost.com/blog/2025/investigating-an-in-the-wild-campaign-using-rce-in-craftcms

Advisory provided by GitHub Security Advisory Database. Published: April 25, 2025, Modified: April 25, 2025

References

https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47
https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical
https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical
Published: 2025-04-25T15:04:06.272Z
Last Modified: 2025-04-29T03:55:14.713Z
Copied to clipboard!