CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
Posted: Sat Feb 22, 2025 2:19 pm
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the project maintainers in late December 2024 in versions 4.13.8 and 5.5.8.
https://thehackernews.com/2025/02/cisa- ... y-cve.html
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the project maintainers in late December 2024 in versions 4.13.8 and 5.5.8.
https://thehackernews.com/2025/02/cisa- ... y-cve.html