April 25, 2025 By Lawrence Abrams
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
The vulnerabilities were discovered by Orange Cyberdefense's CSIRT, which was called in to investigate a compromised server.
During the investigation, the team found that two zero-day vulnerabilities impacting Craft CMS had been exploited to breach the server:
- CVE-2025-32432: A remote code execution (RCE) vulnerability in Craft CMS.
- CVE-2024-58136: An input validation flaw in the Yii framework used by Craft CMS.
According to a report by SensePost, the ethical hacking team of Orange Cyberdefense, the threat actors chained the two vulnerabilities to breach servers and upload a PHP file manager.