CISA Warns: Exploited Craft CMS Code Injection Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning. A serious Craft CMS code injection flaw is being used in attacks. This flaw, tracked as CVE-2025-23209, is a high-severity vulnerability. It affects Craft CMS versions 4 and 5. The CVSS v3 score is 8.0.
Craft CMS is a popular content management system (CMS). It’s used to build websites and digital experiences. CVE-2025-23209 is a remote code execution (RCE) vulnerability. This means attackers can run malicious code on affected systems.
Understanding the Craft CMS Code Injection Flaw
The vulnerability’s technical details are scarce. Exploitation isn’t simple. Attackers need the installation’s security key. This key is crucial. It protects user authentication tokens, session cookies, and database values. It also secures sensitive application data.
The Craft CMS code injection flaw only becomes dangerous if an attacker already has this security key. With the key, they can decrypt data. They can also create fake authentication tokens. Most importantly, they can inject and execute malicious code remotely.
CISA’s Response and Patching the Craft CMS Flaw
CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. They haven’t shared details about the attacks. They haven’t revealed the targets either. Federal agencies have until March 13, 2025, to patch the Craft CMS flaw.
Patches are available. Craft CMS versions 5.5.8 and 4.13.8 include the fix. Users should upgrade immediately. If a compromise is suspected, delete old keys from ‘.env’ files and generate new ones using the command ‘php craft setup/security-key’. Remember, this makes data encrypted with the old key inaccessible.
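The triage steps above (confirm the installed version is at or above 5.5.8 / 4.13.8, then remove the old key before regenerating it) are easy to get wrong by hand across several hosts. The script below is an added example written for this article; it is not code from CISA, Craft CMS or the advisory. It assumes the installed version is recorded in a composer.lock entry for the ‘craftcms/cms’ package and that the key lives in ‘.env’ as CRAFT_SECURITY_KEY; neither detail comes from the article. It does not run ‘php craft setup/security-key’ itself, since that needs a live Craft installation.

```shell
#!/bin/sh
# Added example (not from the advisory or the Craft CMS project): triage helpers
# for CVE-2025-23209. Assumed, not stated by the article: the installed version
# sits in composer.lock under the "craftcms/cms" package, and the security key is
# the CRAFT_SECURITY_KEY line of .env.

# version_ge A B: succeed when dotted version A is >= B. Compares the first three
# numeric components; a pre-release suffix such as "-beta.1" is dropped first.
version_ge() {
    va="${1%%-*}.0.0" vb="${2%%-*}.0.0" i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$va" | cut -d. -f"$i")
        y=$(printf '%s' "$vb" | cut -d. -f"$i")
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# craft_patched VERSION: succeed when VERSION carries the fix named in the advisory
# (4.13.8 for the 4.x line, 5.5.8 for 5.x). Returns 2 for a major the advisory
# does not cover, so callers can tell "unknown" from "vulnerable".
craft_patched() {
    case "$1" in
        4.*) version_ge "$1" 4.13.8 ;;
        5.*) version_ge "$1" 5.5.8 ;;
        *)   return 2 ;;
    esac
}

# craft_version LOCKFILE: print the version recorded for craftcms/cms in composer.lock
# (assumed layout: a "name" line followed by a "version" line in the same entry).
craft_version() {
    awk -F'"' '/"name": *"craftcms\/cms"/ {found=1} found && /"version":/ {print $4; exit}' "$1"
}

# strip_old_key ENVFILE: keep a backup, then drop the CRAFT_SECURITY_KEY line. This is
# the "delete old keys" half of the rotation; afterwards run
#   php craft setup/security-key
# on the host to write a fresh key. Data encrypted under the old key becomes unreadable.
strip_old_key() {
    cp "$1" "$1.bak" || return 1
    # grep -v exits 1 when nothing remains; an emptied .env is still a valid result.
    grep -v '^CRAFT_SECURITY_KEY=' "$1.bak" > "$1" || true
}

# Demo on constructed input: a composer.lock excerpt pinned to an unpatched 5.x
# release and a .env holding a dummy key. Both files are made up for this example.
demo() {
    d=$(mktemp -d)
    cat > "$d/composer.lock" <<'EOF'
{
    "packages": [
        {
            "name": "craftcms/cms",
            "version": "5.5.7"
        }
    ]
}
EOF
    printf 'CRAFT_SECURITY_KEY=constructed-dummy-key\nCRAFT_ENVIRONMENT=production\n' > "$d/.env"
    v=$(craft_version "$d/composer.lock")
    if craft_patched "$v"; then
        echo "craftcms/cms $v: patched for CVE-2025-23209"
    else
        echo "craftcms/cms $v: below the fixed release, upgrade to 5.5.8 / 4.13.8"
    fi
    strip_old_key "$d/.env"
    echo ".env after removing the old key (backup kept at .env.bak):"
    cat "$d/.env"
    rm -rf "$d"
}
demo
```

Run it on a real deployment by pointing craft_version at the site's composer.lock and strip_old_key at its .env, then finish the rotation with the setup/security-key command from the advisory. Keeping the .env.bak copy matters because, as the article notes, anything encrypted with the old key is otherwise lost.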
Related Vulnerability in Palo Alto Networks Firewalls
CISA also added a Palo Alto Networks firewall vulnerability to KEV. This is CVE-2025-0111. It’s a file read vulnerability. The vendor confirmed hackers are exploiting it. It’s part of an exploit chain with CVE-2025-0108 and CVE-2024-9474. Palo Alto Networks has a security bulletin with details on addressing this flaw. The deadline for patching this is also March 13, 2025.
This news story covers the critical Craft CMS code injection flaw. It highlights the urgency of patching. It also mentions a related vulnerability in Palo Alto Networks firewalls. Users should take immediate action to protect their systems.