Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

April 28, 2025Red LakshmananSecurity / vulnerability web -applications


Threat actors have been observed exploiting two recently disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.

The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve the following vulnerabilities –

  • CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP framework used by Craft CMS that can be exploited to access restricted functionality or resources (a regression of CVE-2024-4990)
  • CVE-2025-32432 (CVSS score: 10.0) – A remote code execution (RCE) vulnerability in Craft CMS (patched in versions 3.9.15, 4.14.15, and 5.6.17)

According to the cybersecurity company, CVE-2025-32432 resides in a built-in image transformation feature that allows site administrators to keep images in a specific format.


“CVE-2025-32432 relies on the fact that an unauthorized user can send a POST request to the endpoint responsible for the image transformation, and the data in the request will be interpreted by the server,” said security researcher Nicholas Buras.

“In versions 3.x of Craft CMS, the asset ID is checked before the transformation object is created, whereas in versions 4.x and 5.x the asset ID is checked after. Thus, the threat actor must find a valid asset ID for the exploit to work with each version of Craft CMS.”

The asset ID, in the context of Craft CMS, refers to how documents and media files are managed, with each asset given a unique ID.

The threat actors behind the campaign were found to send multiple POST requests until a valid asset ID was identified, after which a Python script would be executed to determine whether the server is vulnerable and, if so, download a PHP file onto the server from a GitHub repository.

“Between February 10 and 11, the threat actor improved their scripts by testing filemanager.php on the web server using a Python script,” the researcher said. “The filemanager.php file was renamed to autoload_classmap.php on February 12 and was first used on February 14.”

Vulnerable Craft CMS instances by country

As of April 18, 2025, 13,000 vulnerable Craft CMS instances were discovered, of which nearly 300 were compromised.

“If you check your firewall logs or web server logs and find suspicious POST requests to the actions/assets/generate-transform controller endpoint, in particular with a string in the body, then your site has at least been scanned for this vulnerability,” Craft CMS noted in an advisory. “This is not a confirmation that your site was compromised; it was only probed.”
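
The log check the advisory describes, as an added example (not code from Craft CMS or the researchers): it scans access-log lines in Combined Log Format for POST requests to the transform endpoint and groups them by client IP. The sample lines and the burst threshold of 5 are constructed assumptions; access logs do not record request bodies, so the body string is not checked here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "actions/assets/generate-transform"  # controller action named in the advisory

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_probes(lines, burst_threshold=5):
    """Group POSTs to the transform endpoint by client IP.

    "burst" marks clients with at least burst_threshold requests (an assumed
    cut-off), the pattern expected when asset IDs are tried one after another.
    """
    hits = defaultdict(lambda: {"count": 0, "statuses": set(), "first": None, "last": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Decode percent-escapes so an encoded path or query string still matches.
        if ENDPOINT not in unquote(m["target"]).lower():
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["statuses"].add(int(m["status"]))
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    for h in hits.values():
        h["burst"] = h["count"] >= burst_threshold
    return dict(hits)

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Feb/2025:03:10:0{i} +0000] '
    f'"POST /index.php?p=actions%2Fassets%2Fgenerate-transform HTTP/1.1" {s} 512 "-" "-"'
    for i, s in enumerate([404, 404, 404, 404, 200])
] + [
    '198.51.100.9 - - [14/Feb/2025:04:00:00 +0000] "POST /actions/assets/generate-transform HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [14/Feb/2025:04:00:05 +0000] "GET /actions/assets/generate-transform HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.44 - - [14/Feb/2025:05:00:00 +0000] "POST /contact HTTP/1.1" 200 321 "-" "-"',
]

if __name__ == "__main__":
    for ip, h in find_probes(SAMPLE_LOG).items():
        print(ip, h["count"], sorted(h["statuses"]), h["first"], h["last"], "BURST" if h["burst"] else "")
```

A hit from this check carries the meaning the advisory gives it: the site was probed, which is not by itself evidence of compromise.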


If there is evidence of compromise, users are advised to refresh security keys, rotate database credentials, reset user passwords as a precaution, and block malicious requests at the firewall level.

The disclosure comes alongside an Active! Mail zero-day stack-based buffer overflow vulnerability (CVE-2025-42599). It was fixed in version 6.60.06008562.

“If a remote third party sends a crafted request, it may be possible to execute arbitrary code or cause a denial-of-service (DoS),” Qualitia noted in a bulletin.
