KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

10.0

CVSS
Critical

CVE-2025-32432

PUBLISHED

Craft CMS Allows Remote Code Execution

1 day faster than CISA KEV

Exploited in the wild Remote Low complexity No user interaction

Vendor: craftcms
Product: cms
Published: Apr 25, 2025
EPSS: 93.1% · 100% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

cisa nuclei_scanner

Weaknesses (CWE)

CWE-94

Improper Control of Generation of Code ('Code Injection')

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Exploitation status

Exploited in the wild

Recorded 2026-06-01 12:10:33 UTC · CVE

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 12:10 UTC
CISA	2026-06-02 14:02 UTC

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-32432.yaml	Jun 01, 2026

Timeline

CVE ID Reserved

2025-04-08 10:54 UTC
CVE Published to Public

2025-04-25 15:04 UTC
Added to KEVIntel

2026-06-01 12:10 UTC
Detected by Nuclei

2026-06-01 15:34 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC