CVE-2025-32432
Published Apr 25, 2025
Last updated a month ago
AI description
CVE-2025-32432 is a remote code execution (RCE) vulnerability affecting Craft CMS, a content management system. The vulnerability stems from an issue in the Yii PHP framework that Craft CMS utilizes. Specifically, it affects Craft CMS versions 3.0.0-RC1 before 3.9.15, 4.0.0-RC1 before 4.14.15, and 5.0.0-RC1 before 5.6.17. The vulnerability allows attackers to send specially crafted requests, potentially leading to the execution of malicious PHP code on the server. Security researchers have observed attackers chaining CVE-2025-32432 with another vulnerability (CVE-2024-58136) in zero-day attacks to breach servers, install PHP-based file managers, upload backdoors, and exfiltrate sensitive data. Patched versions (3.9.15, 4.14.15, and 5.6.17) have been released to address this issue.
- Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: craft_cms
CVSS 3.1
- Type: Primary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Craft CMS Code Injection Vulnerability
- Exploit added on: Mar 20, 2026
- Exploit action due: Apr 3, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com: CWE-94
- nvd@nist.gov: NVD-CWE-noinfo
- Hype score: Not currently trending
🚨 BREACH ALERT WHO: Craft CMS WHAT: CVE-2025-32432 code injection allows unauthenticated RCE exploited in the wild HOW: Remote unauthenticated code injection via HTTP request on Craft CMS servers Severity: CRITICAL 🔴 Source " https://t.co/zsHhVBe6iA...
@UziSeclab2006
5 Apr 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32432: Craft CMS Remote Code Execution Vulnerability - What It Means for Your Business and How to Respond https://t.co/zZyaKcJirK
@integ_sec
31 Mar 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you run Craft CMS, stop scrolling. CVE-2025-32432 is on the CISA KEV — remote code execution, no auth required, actively exploited in the wild. This is not a theoretical risk. Attackers are using it right now. Patch today, not next sprint. #AppSec #WebSecurity
@cveriskpilot
27 Mar 2026
179 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Update for Roundcube Webmail: Roundcube Webmail has released a security update, version 1.6.14, to address several serious security vulnerabilities identified as CVE-2025-32432 and CVE-2023-5631. These vulnerabilities pose
@MisbarSec
24 Mar 2026
163 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical code injection vulnerability (CVE-2025-32432) in Craft CMS actively exploited. Immediate patching required to prevent severe network compromises. Link: https://t.co/M5ByXV1MAj #Security #Exploits #Patch #Craft #CMS #Network #Threat #Injection #Malware #Hacking #Update ht
@dailytechonx
24 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Craft CMS Emergency: Critical RCE CVE-2025-32432 Being Exploited Right Now – Patch Before April 3! (zoneantimalware)
@NicolasCoolman
24 Mar 2026
159 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVSS 10 Craft CMS vulnerability added to KEV catalog: patch immediately Extensive info, including fix info, at SecAlerts: CVE-2025-32432, CVSS 10: https://t.co/ck4IIYAUiI #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CVE202532432 #CraftCMS https://t.co
@SecAlertsCo
23 Mar 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ip Protocol 1. KEV-DELTA SYNC (MAR 23): •CRITICAL: CISA added CVE-2025-32432 (Craft CMS) and CVE-2025-54068 (Laravel Livewire) to the KEV catalog on Friday, March 20. •PATCH DEADLINE: Federal agencies must remediate by April 3, 2026. •NEW ADDITION: CVE-2026-20131
@SteveAJ777
23 Mar 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Craft CMS CVE-2025-32432 code injection bug to Known Exploited Vulnerabilities catalog after active attacks. Orgs should patch and monitor Craft CMS installs immediately. #CVE202532432 https://t.co/aVk1cF54jU
@threatcluster
23 Mar 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds five known exploited vulnerabilities to its catalog. CISA Adds Five Known Exploited Vulnerabilities to Catalog #CISA (Mar 20) CVE-2025-31277 Buffer overflow vulnerability in multiple Apple products CVE-2025-32432 Craft CMS code inje
@foxbook
23 Mar 2026
222 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE
@Hermes_tooll
23 Mar 2026
652 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE
@VivekIntel
22 Mar 2026
197 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Craft CMS CVE-2025-32432 (CVSS 10.0) and Laravel Livewire CVE-2025-54068 (CVSS 9.8) to KEV. Both are RCE, both confirmed exploited in the wild. Federal deadline April 3. Patch now. https://t.co/wfDkXa3dkP #infosec
@CybrPulse
22 Mar 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: Craft CMS Zero-Day RCE by Mimo Group (CVE-2025-32432, CVSS 10.0) - Active exploitation of Craft CMS. 9 detections, 30 IOCs. https://t.co/AcXdofIR7h #ThreatIntel #CyberSecurity #ZeroDay https://t.co/urKvJcR2NU
@threadlinqs
22 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Today CVE: CVE-2025-32432 This tends to unfold the same way every time.
@EdgeDetectOps
22 Mar 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Remote Code Execution (RCE) vulnerability, CVE-2025-32432, affects `Craft CMS`. Administrators should assess deployments and prepare for patch release. #CraftCMS #RCE #infosec https://t.co/FxyPMsoRhr
@pulsepatchio
21 Mar 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds five known exploited vulnerabilities to its catalog https://t.co/EeEpj7O9GT CVE-2025-31277 Buffer overflow vulnerability in multiple Apple products CVE-2025-32432 Craft CMS code injection vulnerability
@cybersecnews_jp
21 Mar 2026
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
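The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2025-31277, CVE-2025-43510 and CVE-2025-43520 in multiple Apple products, CVE-2025-32432 in Craft CMS, Laravel Livewire's CVE-202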
@__kokumoto
21 Mar 2026
891 Impressions
0 Retweets
5 Likes
3 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-32432 Craft CMS Code Injection Vulnerability https://t.co/3MAuy6eZu3
@ScyScan
20 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-32432: Critical Code Injection Vulnerability in Craft CMS Technical analysis of CVE-2025-32432 in Craft CMS, a critical code injection flaw with CVSS 10.0. Active exploitation, impact and recommendations for mit https://t.co/fjoOZGWFPB #c
@CiberPlanetaOrg
20 Mar 2026
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Code Injection Vulnerability in Craft CMS (CVE-2025-32432) Craft CMS has a code injection vulnerability (CWE-94) that allows remote attackers to execute arbitrary code, with critical severity (CVSS 10.0). It is recommend
@CiberPlanetaOrg
20 Mar 2026
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-32432 - craftcms - cms - https://t.co/1YYfG4OkJ5 #OSINT #ThreatIntel #CyberSecurity #cve-2025-32432 #craftcms #cms
@RedPacketSec
20 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: https://t.co/7oNWAxSPDq #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve https://t.co/wZ8bufqufZ
@blackstormsecbr
12 Jan 2026
177 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
Unauthenticated RCE in Craft CMS is hitting thousands of sites—fast. This new CVE-2025-32432 shows how a single misused DI container can expose full server takeover. Our fellows break down the exploit chain and how to defend against it. Stay ahead—secure your supply chain wit
@OPSWAT
2 Jan 2026
196 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-32432 (CVSS 10.0): Craft CMS Allows Remote Code Execution Craft CMS is vulnerable to remote code execution. High-impact, low-complexity attacks can exploit versions before 3.9.15, 4.14.15, and 5.6.17, allowing unauthenticated attackers to execute arbitrary code htt
@zoomeye_team
24 Dec 2025
5402 Impressions
18 Retweets
63 Likes
32 Bookmarks
1 Reply
1 Quote
CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS - by @OPSWAT https://t.co/QiBPU4YybH
@kmkz_security
23 Dec 2025
6829 Impressions
21 Retweets
104 Likes
47 Bookmarks
0 Replies
1 Quote
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware #CISO https://t.co/04D7DQkc4p https://t.co/5k1ctHDNKc
@compuchris
24 Jul 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
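[MBSD-SOC Detection Trend Topics] We have published the #MBSD #SOC detection trend topics for June 2025. This month, we newly observed attacks targeting a vulnerability (CVE-2025-32432) in the open-source content management system "CraftCMS"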
@mbsdnews
11 Jul 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A Critical Vulnerability exists in Craft CMS (CVE-2025-32432). See the @ncsc_gov_ie advisory for more info: https://t.co/sUYJJU25P3
@ncsc_gov_ie
24 Jun 2025
385 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
1 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A new RCE vulnerability in Craft CMS, identified as CVE-2025-32432, was recently published. Using this vulnerability, hackers are injecting malware of the type m
@AmirHossein_sec
30 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TI WooCommerce Wishlist and Craft CMS vulnerabilities compromise 100,000 sites Vulnerabilities, alamdar, Craft CMS, CVE-2025-32432, cybercrime, ecommerce, exploit, IPRoyal, Mimo, php, security, TI WooCommerce Wishlist, xmrig https://t.co/ivrG2M9v0y https://t.co/nzjO1ArO5V
@matricedigitale
29 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo hackers exploit Craft CMS vulnerability CVE-2025-32432 to deploy cryptominer and proxyware https://t.co/Rt6DnndbCS #Security #セキュリティ #ニュース
@SecureShield_
29 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
29 May 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
#Mimo #Hackers #Exploit CVE-2025-32432 in #Craft_CMS to Deploy #Cryptominer and #Proxyware https://t.co/lCiRfP0emD https://t.co/ToKUubcOPa
@omvapt
28 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo hackers exploit CVE-2025-32432 in Craft CMS to deploy cryptominers and proxyware. Ensure your systems are updated to the latest versions to stay protected. https://t.co/NTXkDEC8nc #Cybersecurity #Hackers #Exploit #CraftCMS #CVE #Cryptomining #Proxyware #Protection #Update ht
@dailytechonx
28 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alert in Spain! Hackers are exploiting the CVE-2025-32432 vulnerability in Craft CMS to install cryptocurrency miners and proxyware. Protect your site and update your CMS immediately. More info here: https://t.co/9xKTHW6Q2I #Ciberseguridad #CraftCMS #CVE2025
@SotyHub
28 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo #hackers Exploit #CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/LCMdN2bC6w
@AdliceSoftware
28 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Mimo Hackers Exploit #CVE-2025-32432 in Craft CMS to #Deploy Cryptominer and Proxyware https://t.co/MqiMXxjDnf
@ScyScan
28 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyberattack Alert: Mimo hackers exploited a Craft CMS vulnerability (CVE-2025-32432) to deploy cryptominers. Stay updated on software patches! #CryptoSecurity
@aljhon71227
28 May 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/BCoKDPAsDR #CyberSecurity #Malware #CSCIS
@CIDC_Ops
28 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/fxaK5a9KNm https://t.co/aeYxQVP32R
@talentxfactor
28 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware #JustUnsecure #AFrihackbox https://t.co/yhQPQqdrTO
@afrihackbox
28 May 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
MIMO Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/zUKxSWZTVs
@SecMindLab
28 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/9Gq4YAnIVt
@buzz_sec
28 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/sdECX6fpc3
@DemolisherDigi
28 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/p0kbAiuM8b
@cyberetweet
28 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Financially motivated criminals attacked the remote code execution vulnerability CVE-2025-32432 in the Craft content management system, exploiting it to deploy malware that includes cryptocurrency miners and a loa
@Cybercachear
28 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent! Mimo hackers are exploiting CVE-2025-32432 in Craft CMS for cryptojacking! Update to the latest version NOW to avoid RCE and malware deployment. Monitor for suspicious activity & review security configs. #Cybersecurity #CraftCMS #Vulnerability https://t.co/GLQ20
@fernandokarl
28 May 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Jeremy Scion, Pierre Le Bourhis & Sekoia TDR present an analysis of the compromise chain initiated by the exploitation of CVE-2025-32432. The exploitation occurred in a CMS honeypot and led to a loader, a crypto miner, and a residential proxyware. https://t.co/nlXziDyRCB htt
@virusbtn
28 May 2025
1507 Impressions
8 Retweets
21 Likes
3 Bookmarks
0 Replies
1 Quote
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BCB171F0-5C1B-48AE-831E-711510AA3BB9",
            "versionEndExcluding": "3.9.15",
            "versionStartIncluding": "3.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "502743C7-CDF1-4644-8371-FFB97DE1A4E6",
            "versionEndExcluding": "4.14.15",
            "versionStartIncluding": "4.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EA89FA02-0C55-47CE-8B8B-4A383F6F2E65",
            "versionEndExcluding": "5.6.17",
            "versionStartIncluding": "5.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]