Threat actors have exploited two vulnerabilities in Craft CMS to breach servers and steal data.
The vulnerabilities, CVE-2025-32432 and CVE-2024-58136, are a remote code execution flaw in Craft CMS and an input validation flaw in the Yii framework, respectively.
Attackers exploited the first vulnerability to upload a PHP file manager, and then used the second vulnerability to execute PHP code and compromise the server.
The vulnerabilities have been fixed, and indicators of compromise have been released by Orange Cyberdefense's CSIRT.