theinfosecnews

CVE-2025-32432

CISA KEV

Published March 20, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2025-32432: Craft CMS Remote Code Execution**

Craft CMS contains a code injection flaw that permits unauthenticated remote attackers to execute arbitrary code on affected servers. An attacker exploiting this vulnerability gains full system access with the privileges of the web server process, enabling data theft, malware deployment, and lateral movement within your infrastructure.

**Remediation:** Update Craft CMS to the patched version immediately. If an update is unavailable, isolate affected instances from production networks, restrict web access via WAF rules or IP allowlisting, and monitor logs for exploitation attempts (POST requests with code injection payloads, unusual process execution from the web server user).

Official Description

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

Affected Products

| Vendor | Product |
| --- | --- |
| Craft CMS | Craft CMS |

Patch Status

Patch by 2026-04-03

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2025-32432.

Related Coverage

Vulnerability

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS Demands Immediate Patching

CVE-2025-32432 is an unauthenticated remote code execution vulnerability in Craft CMS that allows attackers to execute arbitrary code on affected servers without any credentials. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026. Organizations should update Craft CMS to the patched version immediately and apply WAF rules and network isolation if patching cannot be completed at once.

CISA KEV·14d ago·3 min read