CVE-2025-23209
ENISA EUVD: EUVD-2025-0208
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 5, 2026
2 articles
Published: 2025-01-18
EPSS Score
Source: FIRST.org · 2026-05-23
16.39% probability
This CVE has a 16.39% probability of being exploited in the next 30 days.
Top 95.0th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
8.1
HIGH
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Description
Source: VulnerabilityLookup (CNA)
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version should rotate their security keys and ensure their privacy to help mitigate the issue.
Affected Products
craftcms
cms
>= 5.0.0-RC1, < 5.5.5
>= 4.0.0-RC1, < 4.13.8
Attack Intelligence
Signal Intelligence
Confidence
85%
EPSS
16.39%
CVSS v3.1
8.1
Mentions
2
Last Seen
Apr 25, 2025
CNA Information
CNA Assigner
GitHub_M
CNA Title
Potential RCE with a compromised security key in craft/cms
Analyst Note
CVE-2025-23209 is a recent RCE vulnerability (published 2025-01-18) in Craft CMS, with explicit zero-day attack confirmation in the BleepingComputer article title. The vulnerability affects unpatched Craft 4 and 5 installations, and patches were released (5.5.8 and 4.13.8). The timing between publication and active exploitation in the wild, combined with an authoritative source naming it a zero-day attack, supports classifying it as a confirmed zero-day.
Triage Info
Decided at: Mar 05, 2026
Published Date: Jan 18, 2025