A high-severity security flaw affecting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which affects Craft CMS versions 4 and 5. It was addressed by the project maintainers at the end of December 2024 in versions 4.13.8 and 5.5.8.
“Craft CMS contains a code vulnerability that allows for remote code execution as vulnerable versions have compromised security keys,” the agency said.
The vulnerability affects the following versions of the software –
- >= 5.0-RC1, < 5.5.5
- >= 4.0.0-RC1, < 4.13.8
In an advisory released on GitHub, Craft CMS noted that all unpatched versions of Craft are affected by the security defect.
“If you cannot upgrade to a patched version, then rotating your security key and ensuring its privacy will help mitigate the problem,” the advisory said.
It is currently unclear how the user security keys were compromised and in what context. To mitigate the risk posed by the vulnerability, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 13, 2025.