Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.
Published: 2025-01-18
CVSS: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Download CVE-2025-23209 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check my portfolio here:
https://tlncglobal.com/poc-246-cve-2025-34045/
https://tlncglobal.com/poc-46-cve-2025-7441/
https://tlncglobal.com/poc-591-cve-2024-7258/
Taisja Laudy to jedna z najbardziej doświadczonychGallup Certified Global Strengths Coachw Polsce i Europie.