Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
Published: 2025-04-25
CVSS: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Download CVE-2025-32432 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check my portfolio here:
https://tlncglobal.com/poc-658-cve-2024-6123/
https://tlncglobal.com/poc-708-cve-2024-56064/
https://tlncglobal.com/poc-668-cve-2024-5910/
Taisja Laudy to jedna z najbardziej doświadczonychGallup Certified Global Strengths Coachw Polsce i Europie.