Bleeping Computer

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...
TechRadar

Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

Researchers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly chaining them together to gain access Some 300 sites already fell victim Cybercriminals are abusing two zero ...