cve detail

CVE-2025-32432

naam

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

KEV

bekend misbruikt

EPSS

percentiel

vendor

Craft CMS

product

Craft CMS

toegevoegd aan KEV

20 mrt 2026

due date

03 apr 2026

ransomware

Unknown

CWE

CWE-94

EPSS datum

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432