CISA Warns of Critical Security Flaw in Craft CMS Versions 4 and 5

A critical security vulnerability (CVE-2025-23209) affecting versions 4 and 5 of Craft CMS has been added to the catalog of exploited vulnerabilities (KEV) by the CISA. This vulnerability, with a CVSS score of 8.1, is being actively exploited. Users of Craft CMS are advised to apply the available patches to protect themselves.