CVE-2025-23209CISA KEV: Actively Exploited

Craft CMS Code Injection Vulnerability

Published Feb 20, 2025·Updated Feb 20, 2025

Description

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free