🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-32432: Craft CMS Code Injection Vulnerability
Summary
Craft CMS contains a code injection vulnerability (a flaw that lets attackers insert and run malicious code) that allows remote attackers to execute arbitrary code (run commands they shouldn't be able to run). This vulnerability is actively being exploited by attackers in the real world.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 79.0%
Yes
🔥 Actively Exploited
March 19, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-32432
First tracked: March 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%