Craft CMS Under Active Attack, US Government Warns
By Netvora Tech News
The US government's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of vulnerabilities in Craft CMS, a content management system similar to WordPress. The agency has identified two security flaws, designated as CVE-2024-56145 and CVE-2025-35939, which are being actively exploited by attackers.
Severe Flaw Allows Remote Code Execution
CVE-2024-56145, a critical vulnerability, allows remote code execution, making it a highly severe threat. This flaw was patched in December, but it appears that attackers have already found a way to exploit it.
Sessions Vulnerability
CVE-2025-35939, the second vulnerability, has a lower impact. However, it can still be exploited to store arbitrary content from unauthenticated users in session files, which can then be accessed and executed through another vulnerability, according to CISA.
Previous Warning from CERT Orange Cyberdefense
In April, CERT Orange Cyberdefense issued a warning about large-scale attacks on Craft CMS. However, those attacks exploited different vulnerabilities, specifically CVE-2024-58136 and CVE-2025-32432.
Thousands of Websites at Risk
It's estimated that over 150,000 websites use Craft CMS, leaving a large number of sites potentially vulnerable to these attacks. CISA has not released any details about the observed attacks, but it's clear that website administrators need to take immediate action to patch their systems and protect their users.