CISA has added a critical Craft CMS flaw, CVE-2025-32432, to its Known Exploited Vulnerabilities (KEV) catalog after confirming that it is being exploited in the wild. Security teams and system administrators should treat it as a priority fix to prevent serious network compromise. The vulnerability is a code injection flaw classified as CWE-94 (Improper Control of Generation of Code).

A weakness of this kind arises when an application fails to validate or sanitize user-supplied input before treating it as executable code. It is a serious problem for Craft CMS, a popular and highly customizable content management system used by many businesses.

It allows an unauthenticated remote attacker to execute arbitrary code on the server. Remote code execution effectively hands the attacker full control of the affected application: they can alter website content, exfiltrate sensitive database records, or install a persistent backdoor.

A compromised web server is also a convenient foothold for lateral movement into an organization's internal network. CISA added CVE-2025-32432 to the KEV catalog on March 20, 2026, which signals that threat actors are exploiting the flaw in real-world attacks. According to CISA, it is still unknown whether this vulnerability is being used in ongoing ransomware campaigns.

Code injection and remote code execution vulnerabilities remain in high demand among threat actors, including state-sponsored groups and initial access brokers. Organizations running Craft CMS should take this threat seriously: unpatched, internet-facing content management systems are easy to discover.

Automated attack tools are probably already scanning for and exploiting them. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies are required to remediate this vulnerability to protect federal networks; CISA has set a deadline of April 3, 2026. Although the directive binds only federal agencies, CISA strongly urges private companies and organizations worldwide to follow the same patching timeline.

System administrators should immediately install the latest security updates released by the vendor. Organizations should also review their web access logs for unusual activity, including attempts to gain unauthorized administrative access. Where the official patch cannot be applied right away, CISA's standard KEV guidance applies: follow the applicable BOD 22-01 guidance for cloud services, or discontinue use of the product until a fix can be applied.
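A small triage script for the two actions above (confirm the installed version and sweep the access logs), added here as an example and not taken from the article, from Craft CMS, or from CISA. Two assumptions are built in and should be verified against the vendor advisory before relying on them: the fixed releases are taken as 3.9.15, 4.14.15 and 5.6.17 (from Craft's own advisory for this CVE, not stated in the article), and the request path to hunt for is the asset transform action endpoint named in the public research write-up (again, not from the article). The `composer.lock` fragment and the access log lines are constructed for the example.

```python
"""Triage helpers for CVE-2025-32432 in Craft CMS.

ASSUMPTIONS (not from the article; check the vendor advisory):
  * Patched releases: 3.9.15, 4.14.15, 5.6.17.
  * Exploitation hits the asset transform action endpoint
    (path contains "actions/assets/generate-transform").
Sample inputs below are constructed for illustration.
"""
import json
import re
from collections import Counter

# First patched release per major line (assumed from the vendor advisory).
FIXED_RELEASES = {3: (3, 9, 15), 4: (4, 14, 15), 5: (5, 6, 17)}

# Apache/nginx combined log format: ip ident user [ts] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Endpoint named in the public write-up (assumption); matched anywhere in the
# request target so both /index.php?p=admin/actions/... and /actions/... forms hit.
TRANSFORM_RE = re.compile(r"actions/assets/generate-transform", re.IGNORECASE)


def parse_version(version_str):
    """Turn '5.6.16' or 'v5.6.16' into a comparable (5, 6, 16) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version_str.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version_str!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_str):
    """True if the version predates the first fixed release of its major line.

    Returns None for a major line the table does not cover, so callers cannot
    mistake 'unknown' for 'safe'.
    """
    v = parse_version(version_str)
    fixed = FIXED_RELEASES.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def craft_version_from_lock(lock_text):
    """Read the installed craftcms/cms version out of a composer.lock document."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg["version"]
    return None


def scan_access_log(lines):
    """Return (hits, per_ip) for requests to the transform endpoint.

    hits   -> list of dicts with ip, timestamp, method, path and status
    per_ip -> Counter of hits per source address, for quick blocklisting/triage
    """
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        if TRANSFORM_RE.search(m["path"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "path": m["path"], "status": int(m["status"])})
            per_ip[m["ip"]] += 1
    return hits, per_ip


# ---- constructed sample data -------------------------------------------------
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "craftcms/cms", "version": "5.6.16"},
    {"name": "yiisoft/yii2", "version": "2.0.51"},
]})

SAMPLE_LOG = """\
203.0.113.7 - - [21/Mar/2026:02:14:09 +0000] "POST /index.php?p=admin/actions/assets/generate-transform HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [21/Mar/2026:02:14:10 +0000] "POST /index.php?p=admin/actions/assets/generate-transform HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [21/Mar/2026:02:15:00 +0000] "GET /blog/hello HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.9 - - [21/Mar/2026:02:16:33 +0000] "GET /index.php?p=admin/login HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
"""


def triage(lock_text, log_lines):
    """Combine both checks into one report dict."""
    version = craft_version_from_lock(lock_text)
    hits, per_ip = scan_access_log(log_lines)
    return {"version": version,
            "vulnerable": is_vulnerable(version) if version else None,
            "suspicious_requests": len(hits),
            "top_sources": per_ip.most_common(3)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOCK, SAMPLE_LOG.splitlines())
    print(json.dumps(report, indent=2))
```

Run it against the real `composer.lock` of the deployment and the web server's access log; any hit on the transform endpoint from an address that has no business generating image transforms deserves a closer look at the request bodies (which access logs do not record), and a version verdict of `None` means the major line is not in the table and must be checked by hand.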
