AI description
CVE-2025-32432 is a remote code execution (RCE) vulnerability affecting Craft CMS, a content management system. The vulnerability stems from an issue in the Yii PHP framework that Craft CMS utilizes. Specifically, it affects Craft CMS versions 3.0.0-RC1 before 3.9.15, 4.0.0-RC1 before 4.14.15, and 5.0.0-RC1 before 5.6.17. The vulnerability allows attackers to send specially crafted requests, potentially leading to the execution of malicious PHP code on the server. Security researchers have observed attackers chaining CVE-2025-32432 with another vulnerability (CVE-2024-58136) in zero-day attacks to breach servers, install PHP-based file managers, upload backdoors, and exfiltrate sensitive data. Patched versions (3.9.15, 4.14.15, and 5.6.17) have been released to address this issue.
- Description
- Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- craft_cms
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-94
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: https://t.co/7oNWAxSPDq #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve https://t.co/wZ8bufqufZ
@blackstormsecbr
12 Jan 2026
177 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
Unauthenticated RCE in Craft CMS is hitting thousands of sites—fast. This new CVE-2025-32432 shows how a single misused DI container can expose full server takeover. Our fellows break down the exploit chain and how to defend against it. Stay ahead—secure your supply chain wit
@OPSWAT
2 Jan 2026
196 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-32432 (CVSS 10.0): Craft CMS Allows Remote Code Execution Craft CMS is vulnerable to remote code execution. High-impact, low-complexity attacks can exploit versions before 3.9.15, 4.14.15, and 5.6.17, allowing unauthenticated attackers to execute arbitrary code htt
@zoomeye_team
24 Dec 2025
5402 Impressions
18 Retweets
63 Likes
32 Bookmarks
1 Reply
1 Quote
CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS - by @OPSWAT https://t.co/QiBPU4YybH
@kmkz_security
23 Dec 2025
6829 Impressions
21 Retweets
104 Likes
47 Bookmarks
0 Replies
1 Quote
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware #CISO https://t.co/04D7DQkc4p https://t.co/5k1ctHDNKc
@compuchris
24 Jul 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【MBSD-SOCの検知傾向トピックス】 2025年6月分#MBSD#SOCの検知傾向トピックスを公開しました。 今月は、オープンソースのコンテンツ管理システム「CraftCMS」の脆弱性(CVE-2025-32432)を狙った攻撃を新たに観測しま
@mbsdnews
11 Jul 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A Critical Vulnerability exists in Craft CMS (CVE-2025-32432). See the @ncsc_gov_ie advisory for more info: https://t.co/sUYJJU25P3
@ncsc_gov_ie
24 Jun 2025
385 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
1 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
به تازگی آسیب پذیری جدیدی از نوع RCE برای Craft CMS با کد شناسایی CVE-2025-32432 منتشر شده است. هکرها با استفاده از این آسیب پذیری ، اقدام به تزریق بدافزارهایی از نوع m
@AmirHossein_sec
30 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilità TI WooCommerce Wishlist e Craft CMS compromettono 100.000 siti Vulnerabilità, alamdar, Craft CMS, CVE-2025-32432, cybercrime, ecommerce, exploit, IPRoyal, Mimo, php, sicurezza, TI WooCommerce Wishlist, xmrig https://t.co/ivrG2M9v0y https://t.co/nzjO1ArO5V
@matricedigitale
29 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimoハッカー、Craft CMSの脆弱性CVE-2025-32432を悪用して暗号マイナーとプロキシウェアを展開 https://t.co/Rt6DnndbCS #Security #セキュリティ #ニュース
@SecureShield_
29 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
29 May 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
#Mimo #Hackers #Exploit CVE-2025-32432 in #Craft_CMS to Deploy #Cryptominer and #Proxyware https://t.co/lCiRfP0emD https://t.co/ToKUubcOPa
@omvapt
28 May 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo hackers exploit CVE-2025-32432 in Craft CMS to deploy cryptominers and proxyware. Ensure your systems are updated to the latest versions to stay protected. https://t.co/NTXkDEC8nc #Cybersecurity #Hackers #Exploit #CraftCMS #CVE #Cryptomining #Proxyware #Protection #Update ht
@dailytechonx
28 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta en España! Hackers están explotando la vulnerabilidad CVE-2025-32432 en Craft CMS para instalar mineros de criptomonedas y proxyware. Protege tu sitio y actualiza tu CMS de inmediato. Más info aquí: https://t.co/9xKTHW6Q2I #Ciberseguridad #CraftCMS #CVE2025
@SotyHub
28 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo #hackers Exploit #CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/LCMdN2bC6w
@AdliceSoftware
28 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Mimo Hackers Exploit #CVE-2025-32432 in Craft CMS to #Deploy Cryptominer and Proxyware https://t.co/MqiMXxjDnf
@ScyScan
28 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cyberattack Alert: Mimo hackers exploited a Craft CMS vulnerability (CVE-2025-32432) to deploy cryptominers. Stay updated on software patches! #CryptoSecurity
@aljhon71227
28 May 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/BCoKDPAsDR #CyberSecurity #Malware #CSCIS
@CIDC_Ops
28 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/fxaK5a9KNm https://t.co/aeYxQVP32R
@talentxfactor
28 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware #JustUnsecure #AFrihackbox https://t.co/yhQPQqdrTO
@afrihackbox
28 May 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers MIMO Explorar CVE-2025-32432 No Craft CMS para implantar Cryptominer e Proxyware https://t.co/zUKxSWZTVs
@SecMindLab
28 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/9Gq4YAnIVt
@buzz_sec
28 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/sdECX6fpc3
@DemolisherDigi
28 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware https://t.co/p0kbAiuM8b
@cyberetweet
28 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 هاجم مجرمون ماليو الثروات ثغرة تنفيذ الكود عن بُعد CVE-2025-32432 في نظام إدارة المحتوى Craft، مستغلينها لنشر برامج ضارة تتضمن معدنين للعملات الرقمية وأداة تحم
@Cybercachear
28 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent! Mimo hackers are exploiting CVE-2025-32432 in Craft CMS for cryptojacking! Update to the latest version NOW to avoid RCE and malware deployment. Monitor for suspicious activity & review security configs. #Cybersecurity #CraftCMS #Vulnerability https://t.co/GLQ20
@fernandokarl
28 May 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Jeremy Scion, Pierre Le Bourhis & Sekoia TDR present an analysis of the compromise chain initiated by the exploitation of CVE-2025-32432. The exploitation occurred in a CMS honeypot and led to a loader, a crypto miner, and a residential proxyware. https://t.co/nlXziDyRCB htt
@virusbtn
28 May 2025
1507 Impressions
8 Retweets
21 Likes
3 Bookmarks
0 Replies
1 Quote
Mimo Returns: CVE-2025-32432 Exploited in Cryptomining and Proxyware Campaigns https://t.co/vzd7PqfiMR
@the_yellow_fall
28 May 2025
331 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS https://t.co/Bi10qd613p This article details a cybersecurity threat involving the exploitation of CVE-2025-32432, a Remote Code Execution vulnerability affecting the Cra… https://t.co/Il0Ci
@f1tym1
27 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
15 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
12 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
11 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
10 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
9 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
8 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚩 May 6 Advisory: Critical RCE Vulnerability Identified in Craft CMS [CVE-2025-32432] https://t.co/o8AihNMk9T
@censysio
6 May 2025
1059 Impressions
5 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
5 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
5 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: La Settimana Cibernetica del 4 maggio 2025 🔹 aggiornamenti per molteplici prodotti 🔹 Malvertising: diffusione dei malware NodeStealer e Xworm 🔹 Craft CMS: rilevata catena di sfruttamento attivo delle CVE-2025-32432 e CVE-2024-58136 ⚠️ #EPS… https://t.co
@Vulcanux_
5 May 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La Settimana Cibernetica del 4 maggio 2025 🔹 aggiornamenti per molteplici prodotti 🔹 Malvertising: diffusione dei malware NodeStealer e Xworm 🔹 Craft CMS: rilevata catena di sfruttamento attivo delle CVE-2025-32432 e CVE-2024-58136 ⚠️ #EPSS 🔗 https://t.co/0ICeD
@csirt_it
5 May 2025
126 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
4 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
4 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
3 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
3 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
2 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
1 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
1 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-32432
@transilienceai
30 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
به تازگی برای Craft CMS دو آسیب پذیری با کدهای شناسایی CVE-2025-32432 از نوع RCE و CVE-2024-58136 از نوع input validation منتشر شده است. برای پیشگیری و مقابله به روز رسانی لازم را اعم
@AmirHossein_sec
29 Apr 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCB171F0-5C1B-48AE-831E-711510AA3BB9",
"versionEndExcluding": "3.9.15",
"versionStartIncluding": "3.0.0"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "502743C7-CDF1-4644-8371-FFB97DE1A4E6",
"versionEndExcluding": "4.14.15",
"versionStartIncluding": "4.0.0"
},
{
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA89FA02-0C55-47CE-8B8B-4A383F6F2E65",
"versionEndExcluding": "5.6.17",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
}
]
}
]