Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.

INFO

Published Date :

2025-01-18T00:32:54.954Z

Last Modified :

2026-02-26T19:09:05.707Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23209 vulnerability.

Vendors Products
Craftcms
  • Craft Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23209.

URL Resource
https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret cve-icon cve-icon
https://github.com/craftcms/cms/commit/e59e22b30c9dd39e5e2c7fe02c147bcbd004e603 cve-icon cve-icon
https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-23209 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact