Alert: Hackers Actively Exploiting Critical Craft CMS Vulnerability, CISA Warns

CISA Warns of Active Exploitation of Craft CMS Security Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding active exploitation of a critical security flaw in Craft CMS. The vulnerability, tracked as CVE-2025-23209, affects versions 4 and 5 of the popular content management system and carries a CVSS score of 8.0 (high severity).

The flaw enables remote code execution (RCE), but an attacker must first obtain the installation's security key. That key protects authentication tokens, session cookies, and sensitive database information within a Craft CMS installation, so exploitation depends on it already having been leaked or otherwise compromised.

Key Points:
– Affected versions: Craft CMS 4.x and 5.x
– Fixed in versions: 5.5.8 and 4.13.8
– Federal agency patch deadline: March 13, 2025
– Vulnerability type: Code injection leading to RCE

Remediation Steps:
1. Upgrade to patched versions (5.5.8 or 4.13.8 or later)
2. If compromise is suspected:
– Delete existing security keys in ‘.env’ files
– Generate new keys using ‘php craft setup/security-key’
– Note: New keys will make previously encrypted data inaccessible

Additionally, CISA has added a Palo Alto Networks firewall vulnerability (CVE-2025-0111) to its Known Exploited Vulnerabilities (KEV) catalog, with the same March 13 remediation deadline. This file read vulnerability affects PAN-OS firewalls and is being chained with other vulnerabilities in active attacks.