Craft CMS Chaos: Zero-Day Bug Leaves 300 Websites in the Lurch!
The Craft CMS zero-day vulnerability, CVE-2025-32432, has been exploited, compromising hundreds of websites. This bug lets attackers transform image requests into remote code execution, making it a real Picasso of cybersecurity threats. Fortunately, patches have been released, so admins can stop worrying about their CMS turning into a CMS-tastrophe.

Hot Take:
Well, it seems Craft CMS has managed to craft itself quite the pickle! A zero-day vulnerability with a perfect 10/10 score on the CVSS scale—congratulations, you’ve won the vulnerability Olympics! Hackers everywhere must be giddy with excitement, ready to exploit your image transformation functionality faster than you can say “remote code execution.” But fear not, Craft CMS has heroically rolled out patches to save the day. Remember, folks, in the world of cybersecurity, it’s not about how you get compromised, it’s about how quickly you can patch it up and move on with your digital life.

Key Points:
– Zero-day vulnerability CVE-2025-32432 impacts Craft CMS versions 3.x, 4.x, and 5.x.
– Vulnerability allows unauthenticated remote code execution via image transformation functionality.
– Roughly 13,000 Craft CMS instances are affected, with nearly 300 confirmed compromises.
– Patches were released on April 10, 2025.
– Yii framework also impacted, with its own vulnerability CVE-2024-58136.