Craft CMS security advisory (AV25-300)

Serial number: AV25-300
Date: May 28, 2025

On April 7, 2025, Craft CMS published a security advisory to address a critical vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in the following product:

  • Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17

Craft CMS has received reports that CVE-2025‑32432 has been exploited.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

Date modified: