Home » News » Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

A red padlock image against a digital map of the earth in blue.
May Be Interested In:Quick Look: DOOM: The Dark Ages



  • Researchers discovered two critical-severity zero-days in Craft CMS
  • Criminals are allegedly chaining them together to gain access
  • Some 300 sites already fell victim

Cybercriminals are abusing two zero-day vulnerabilities in the Craft content management system (CMS) to access flawed servers and run malicious code remotely (RCE). This is according to cybersecurity researchers Orange Cyberdefense SenePost, who first saw the bugs being abused in mid-February this year.

The two vulnerabilities are now tracked as CVE-2025-32432, and CVE-2204-58136. The former is a remote code execution bug with the maximum severity score – 10/10 (critical).

share Share facebook pinterest whatsapp x print

Similar Content

Barry Can't Swim is a new dance music superstar
Barry Can’t Swim is a new dance music superstar January 8, 2025
Here Comes the Sun: Warren Buffett and more
Here Comes the Sun: Warren Buffett and more April 16, 2025
After a pandemic boom, Canada's video game industry is taking a hit | CBC News
After a pandemic boom, Canada’s video game industry is taking a hit | CBC News February 5, 2025
Kristen Doute Reveals Surprising Update on Lala Kent Feud
Kristen Doute Reveals Surprising Update on Lala Kent Feud May 12, 2025
Forgiveness is not beneficial for everyone | Letters
Forgiveness is not beneficial for everyone | Letters April 4, 2025
iOS 18.3 calculator
Apple’s Calculator app will get one of its best features back in iOS 18.3 January 14, 2025
Frontpage Focus: The Day's Most Important Events | © 2025 | Daily News