Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Craft CMS Remote Code Execution Vulnerability with Compromised Security Key

Vulnerability

A remote code execution vulnerability affects Craft CMS 4 and 5 installations whose security key has been compromised. The security key is the value Craft reads from the CRAFT_SECURITY_KEY environment variable (normally set in the project's .env file) and uses for signing and encryption; an attacker who knows it can exploit an unpatched install. Any site running an unpatched version of Craft whose key has been exposed (for example through a committed .env file, a readable backup, or a leaked copy of the file) should be treated as at risk.

Impact

An attacker who holds the security key can execute arbitrary code on the server hosting the site, with the privileges of the PHP process that runs Craft. Since the vulnerability is known to be exploited, an installation whose key was exposed before patching may already be compromised and should be investigated, not just patched.

Remediation

Update to Craft CMS 5.5.8 or 4.13.8, which contain the fix. If you cannot update immediately, rotate the security key and keep the new one secret: generate a fresh key, store it only in the server environment or the .env file, and make sure that file is not committed to version control, served by the web server, or included in backups that others can read. Because Craft uses the key for signing and encryption, anything that depends on the old value stops validating after rotation, so plan the change accordingly. Rotation removes the advantage an attacker gained from a leaked key; it does not fix the underlying flaw, so updating remains the actual remediation.
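A pre-flight check for the two remediations above, written as an added example for this page (it is not code from the advisory or from Craft CMS): it reads the installed craftcms/cms version out of composer.lock and compares it with the fixed versions the advisory names, then checks that CRAFT_SECURITY_KEY is present in .env and not trivially short. The composer.lock layout assumed is the standard Composer 2 format, the 32-character minimum is an assumed local policy rather than a Craft requirement, and the sample files are constructed inline. The rotation command mentioned in the comments, php craft setup/security-key, is Craft's own CLI command for generating and saving a new key.

```shell
#!/bin/sh
# Pre-flight check for the remediation above: is the installed craftcms/cms
# version at or past the fix, and is CRAFT_SECURITY_KEY set and not trivially
# weak. Added example, not code from the advisory or from Craft CMS. Patched
# versions are the ones the advisory names; the 32-character minimum is an
# assumed local policy, not a Craft requirement.

# version_ge A B: succeed when dotted numeric version A >= B (three fields).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$1" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s' "$2" | cut -d. -f"$i"); b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# craft_is_patched VERSION: succeed for 5.5.8+ on the 5.x line and 4.13.8+
# on the 4.x line. Other majors are outside this advisory; they are reported
# as not patched so that someone looks at them instead of silently passing.
craft_is_patched() {
    v=${1#v}; v=${v%%-*}     # tolerate "v5.5.7" and "5.5.7-beta.1"
    case "$v" in
        5.*) version_ge "$v" 5.5.8 ;;
        4.*) version_ge "$v" 4.13.8 ;;
        *)   return 1 ;;
    esac
}

# installed_craft_version LOCKFILE: print the craftcms/cms version recorded in
# a composer.lock (the "version" entry that follows the exact package name).
installed_craft_version() {
    awk '/"name": "craftcms\/cms"/ { found = 1 }
         found && /"version":/ { gsub(/[",]/, "", $2); print $2; exit }' "$1"
}

# read_security_key ENVFILE: print the CRAFT_SECURITY_KEY value with any
# surrounding quotes stripped, or nothing when the variable is absent.
read_security_key() {
    sed -n 's/^CRAFT_SECURITY_KEY=//p' "$1" | head -n 1 | tr -d "\"'"
}

# security_key_status ENVFILE: print "missing", "weak" or "ok". A file check
# cannot tell whether the key has been *exposed*: a key that was ever
# committed, backed up in the clear or pasted into a ticket is compromised
# whatever its length, and the fix is rotation, e.g.
#   php craft setup/security-key
# which generates a fresh key and writes it to .env.
security_key_status() {
    key=$(read_security_key "$1")
    if [ -z "$key" ]; then
        echo missing
    elif [ "${#key}" -lt 32 ]; then
        echo weak
    else
        echo ok
    fi
}

# --- constructed sample inputs (not real installations) -------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/composer.lock" <<'EOF'
{
    "packages": [
        {
            "name": "craftcms/plugin-installer",
            "version": "1.6.0"
        },
        {
            "name": "craftcms/cms",
            "version": "5.5.7"
        }
    ]
}
EOF
printf 'CRAFT_SECURITY_KEY="changeme"\nCRAFT_DB_DRIVER=mysql\n' > "$SAMPLE_DIR/weak.env"
printf 'CRAFT_SECURITY_KEY=hJ3xK9mP2qR7sT4vW8yZ1aB5cD6eF0gI\n' > "$SAMPLE_DIR/good.env"

# check_install DIR ENVNAME: report on one install tree; exit status 1 when
# either the version or the key needs action.
check_install() {
    ver=$(installed_craft_version "$1/composer.lock")
    status=0
    if craft_is_patched "$ver"; then
        echo "craftcms/cms $ver: patched"
    else
        echo "craftcms/cms $ver: NOT patched, update to 5.5.8 / 4.13.8"
        status=1
    fi
    ks=$(security_key_status "$1/$2")
    echo "security key ($2): $ks"
    [ "$ks" = ok ] || status=1
    return $status
}

check_install "$SAMPLE_DIR" weak.env || echo "action required"
```

The version comparison deliberately reports unknown major versions as unpatched rather than skipping them, so the script fails loudly on a tree it does not understand; and the key check only catches an absent or very short key, since whether a well-formed key has leaked is a question for your repository history and backup handling, not for the file itself.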

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 10.0
remediation: 7.9
relevance: 0.0
threat: 8.3
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.