1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Craft CMS zero-day exploited to compromise hundreds of vulnerable

    From TechnologyDaily@1337:1/100 to All on Mon Apr 28 12:15:07 2025
    Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

    Date:
    Mon, 28 Apr 2025 11:00:00 +0000

    Description:
    Two new bugs were recently discovered being chained in attacks.

    FULL STORY ======================================================================Research ers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly chaining them together to gain access Some 300 sites already fell victim

    Cybercriminals are abusing two zero-day vulnerabilities in the Craft content management system (CMS) to access flawed servers and run malicious code remotely (RCE). This is according to cybersecurity researchers Orange Cyberdefense SenePost, who first saw the bugs being abused in mid-February this year.

    The two vulnerabilities are now tracked as CVE-2025-32432, and
    CVE-2204-58136. The former is a remote code execution bug with the maximum severity score - 10/10 (critical).

    The latter is described as an improper protection of alternate path bug in
    the Yii PHP framework that grants access to restricted functionality or resources. It is a regression of an older bug tracked as CVE-2024-4990, and was given a severity score of 9.0/10 (also critical).

    Get Keeper Personal for just $1.67/month, Keeper Family for just
    $3.54/month, and Keeper Business for just $7/month

    Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

    It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts
    to protect against cyber threats.

    Preferred partner ( What does this mean? ) View Deal Second increase

    "CVE-2025-32432 relies on the fact that an unauthenticated user could send a POST request to the endpoint responsible for the image transformation and the data within the POST would be interpreted by the server," the researchers explained.

    "In versions 3.x of Craft CMS, the asset ID is checked before the creation of the transformation object whereas in versions 4.x and 5.x, the asset ID is checked after. Thus, for the exploit to function with every version of Craft CMS, the threat actor needs to find a valid asset ID."

    Researchers determined that there were approximately 13,000 vulnerable Craft CMS endpoints. Almost 300 were allegedly already targeted. All users are advised to look for indicators of compromise and, if found, refresh security keys, rotate database credentials, reset user passwords, and block malicious requests at the firewall level.

    A patch is now available for the flaws, too. Users should make sure their Craft CMS instances are running versions 3.9.15, 4.14.15, and 5.6.17.

    The bugs have not yet been added to CISAs Known Exploited Vulnerabilities (KEV) catalog.

    Via The Hacker News You might also like US government warns this popular CMS software has a worrying security flaw Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/craft-cms-zero-day-exploited-to-comprom ise-hundreds-of-vulnerable-servers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)