Ethical Hacking News
Craft CMS users are advised to upgrade to patched versions or take immediate action to protect against a newly disclosed code injection flaw that has been exploited in real-world attacks.
Craft CMS versions 4 and 5 have a remote code execution flaw (CVE-2025-23209) that allows attackers to inject malicious code. The vulnerability affects the security key, which grants access to sensitive data if compromised. Users are advised to patch the vulnerability by upgrading to Craft CMS versions 4.13.8 and 5.5.8 or later. Patching is also recommended for Palo Alto Networks firewalls affected by a file read vulnerability (CVE-2025-0111). Developers can help prevent exploitation by deleting old keys in '.env' files, generating new security keys, and staying informed about emerging vulnerabilities.
The world of web development has been shaken to its core by a recent discovery that threatens the security of websites built using Craft CMS. In February 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an alert warning users about a remote code execution flaw in Craft CMS versions 4 and 5. This vulnerability, tracked as CVE-2025-23209, has been identified as high-severity by the Common Vulnerability Scoring System (CVSS v3 score: 8.0).
Craft CMS is a popular content management system (CMS) used for building websites and custom digital experiences. With its user-friendly interface and robust features, Craft CMS has become an indispensable tool in the web development community. However, like any other software, it is not immune to security vulnerabilities.
According to CISA, the CVE-2025-23209 vulnerability affects Craft CMS versions 4 and 5. The flaw allows an attacker to inject malicious code into the system, potentially leading to unauthorized access to sensitive data, such as user authentication tokens, session cookies, database values, and application data. In severe cases, this could result in the decryption of sensitive information or the injection of malicious code that can be executed remotely.
The vulnerability is said to require a compromised security key to exploit. The security key is a cryptographic key used to secure user authentication tokens, session cookies, database values, and other sensitive application data. Compromising this key would grant an attacker access to these sensitive areas, making it essential for users to take immediate action to protect their websites.
CISA has added the vulnerability to its Known Exploited Vulnerability (KEV) catalog without sharing any information about the scope and origin of the attacks or the specific targets. This lack of detail highlights the severity of the issue and the potential widespread impact on Craft CMS users.
Federal agencies have been given until March 13, 2025, to patch this vulnerability in their systems. Craft CMS has already released patches for versions 4.13.8 and 5.5.8. Users are strongly advised to upgrade to these releases or later as soon as possible to mitigate the risk of exploitation.
In addition to the Craft CMS vulnerability, CISA has also added another vulnerability in Palo Alto Networks firewalls (CVE-2025-0111) to its KEV catalog. This file read vulnerability affects PAN-OS firewalls and is part of an exploit chain involving CVE-2025-0108 and CVE-2024-9474.
In light of these findings, it is essential for web developers using Craft CMS or Palo Alto Networks firewalls to take proactive steps to protect their websites and systems. Deleting old keys contained in '.env' files and generating new security keys using the php craft setup/security-key command can help prevent unauthorized access to sensitive data. However, users should be aware that changing these keys will render any encrypted data inaccessible.
The recent discovery of the Craft CMS code injection flaw highlights the ongoing battle between cybersecurity experts and malicious actors. As web development continues to evolve, it is crucial for developers to stay informed about emerging vulnerabilities and take proactive steps to protect their creations from exploitation.
In conclusion, the exposure of the Craft CMS code injection flaw serves as a stark reminder of the importance of maintaining robust security measures in web development. By staying vigilant and taking prompt action, developers can help prevent the exploitation of this vulnerability and safeguard their websites against malicious attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Craft-CMS-Code-Injection-Flaw-Exposed-A-Growing-Concern-for-Web-Developers-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisa-flags-craft-cms-code-injection-flaw-as-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-23209
https://www.cvedetails.com/cve/CVE-2025-23209/
https://nvd.nist.gov/vuln/detail/CVE-2025-0111
https://www.cvedetails.com/cve/CVE-2025-0111/
https://nvd.nist.gov/vuln/detail/CVE-2025-0108
https://www.cvedetails.com/cve/CVE-2025-0108/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
Published: Fri Feb 21 14:39:01 2025 by llama3.2 3B Q4_K_M
