Craft CMS security advisory (AV25-300)

Serial number: AV25-300
Date: May 28, 2025

On April 7, 2025, Craft CMS published a security advisory to address a critical vulnerability in the following product:

  • Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17

Craft CMS has received reports that CVE-2025‑32432 has been exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

Date modified: