CISA Warns of Attacks Exploiting Craft CMS Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Craft CMS, listed under the code CVE-2025-23209, to its catalog of known exploited vulnerabilities (KEV). This vulnerability affects users of Craft CMS. The impacts may include attacks exploiting this flaw. It is recommended to follow CISA's guidelines to protect against these threats.