Craft CMS RCE exploit chain used in zero-day attacks to steal data
Published on: 2025-08-08 04:44:35
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
The vulnerabilities were discovered by Orange Cyberdefense's CSIRT, which was called in to investigate a compromised server.
As part of the investigation, they discovered that two zero-day vulnerabilities impacting Craft CMS were exploited to breach the server:
CVE-2025-32432: A remote code execution (RCE) vulnerability in Craft CMS.
CVE-2024-58136: An input validation flaw in the Yii framework used by Craft CMS.
According to a report by SensePost, the ethical hacking team of Orange Cyberdefense, the threat actors chained both of these vulnerabilities together to breach servers and upload a PHP file manager.
The attack begins with the exploitation of CVE-2025-32432, which allows attackers to send a specially crafted request containing a "return