Bleeping Computer

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...
TechRadar

US government warns this popular CMS software has a worrying security flaw

CISA adds Craft CMS bug to its KEV catalog The bug was found in Craft CMS versions 4 and 5 It allows for remote code execution The US Government's Cybersecurity and Infrastructure Security Agency ...
TechRadar

Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

Researchers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly chaining them together to gain access Some 300 sites already fell victim Cybercriminals are abusing two zero ...