THREAT OPS › CVEs › CVE-2025-23209
CVE-2025-23209 — Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.
Vulnerability details
- Affected productsCraft CMS
- KEV remediation due2025-03-13