THREATOPS
THREAT OPSCVEs › CVE-2025-23209

CVE-2025-23209 — Craft CMS Code Injection Vulnerability

CISA KEVExploited: confirmedCraft CMS

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.

Vulnerability details