Craft CMS Crisis: The 10.0-Rated RCE Flaw Every Developer Must Patch Now

A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required.

In this urgent episode, we break down:
💥 Why this flaw scores a perfect 10.0 CVSS—the highest severity rating possible.
🔍 How hackers are exploiting it: From stealing data to uploading PHP web shells (like filemanager.php) for persistent access.
🛠️ The root cause: A Yii framework regression (CVE-2024-58136) that lets attackers hijack servers via crafted __class payloads.
🌍 Real-world attacks: Evidence of in-the-wild exploitation since February 2025, with 13,000+ vulnerable instances still exposed.
⚡ The Metasploit factor: How a public exploit module is lowering the bar for cybercriminals.
🔒 Patch or perish: Why updating to Craft CMS 3.9.15/4.14.15/5.6.17 and Yii 2.0.52+ is non-negotiable.

Plus: Indicators of Compromise (IOCs) to check if you’ve been hit, and why “just patching” isn’t enough—malicious files persist even after updates.
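As an added example (not from the episode or from the Craft CMS project), the two checks a defender would run first: compare the installed Craft and Yii versions from composer.lock against the fixed releases named above, and list PHP files in the web root that are not the expected entry script, since web shells such as the filemanager.php mentioned above survive a version upgrade. It assumes the standard Composer lock layout, that each Craft major line (3.x, 4.x, 5.x) is fixed at the listed version for that line, and that a stock Craft web root contains only index.php as PHP.

```python
"""Defender-side exposure check for CVE-2025-32432 (added example, not project code)."""
import json
from pathlib import Path

# Fixed releases named in the episode; keyed by Craft major line (assumption: one fix per line).
CRAFT_FIXED = {3: (3, 9, 15), 4: (4, 14, 15), 5: (5, 6, 17)}
YII_FIXED = (2, 0, 52)  # Yii 2.0.52+ closes the CVE-2024-58136 regression


def parse_version(v):
    """'v5.6.16' / '5.6.16-beta.1' -> (5, 6, 16); None for non-numeric tags like 'dev-main'."""
    core = v.lstrip("v").split("-")[0]
    try:
        return tuple(int(p) for p in core.split("."))
    except ValueError:
        return None


def installed_versions(lock_text):
    """Map package name -> version string from the 'packages' section of composer.lock."""
    lock = json.loads(lock_text)
    return {p["name"]: p["version"] for p in lock.get("packages", [])}


def assess(versions):
    """Return (craft_ok, yii_ok). Unknown or unparsable versions count as NOT ok (treat as exposed)."""
    craft_ok = yii_ok = False
    cv = parse_version(versions.get("craftcms/cms", ""))
    if cv:
        fixed = CRAFT_FIXED.get(cv[0])  # unknown major line -> no fixed version known -> exposed
        craft_ok = fixed is not None and cv >= fixed
    yv = parse_version(versions.get("yiisoft/yii2", ""))
    yii_ok = bool(yv) and yv >= YII_FIXED
    return craft_ok, yii_ok


def suspicious_php(webroot, allowed=("index.php",)):
    """PHP files under the web root other than the entry script: review each one by hand.
    Assumption: a stock Craft web root ships only index.php as PHP, so anything else
    (e.g. an uploaded filemanager.php) is a candidate web shell that patching alone won't remove."""
    root = Path(webroot)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*.php") if p.name not in allowed)


# Constructed sample lock: one patch level below both fixed releases, so both checks fail.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "craftcms/cms", "version": "5.6.16"},
    {"name": "yiisoft/yii2", "version": "2.0.51"},
]})

if __name__ == "__main__":
    print("craft_ok, yii_ok =", assess(installed_versions(SAMPLE_LOCK)))
```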

If you run Craft CMS, this episode is a must-listen. Tune in before your server becomes the next victim.
