CVE-2025-32432: Craft CMS Code Injection Vulnerability

Vendor: Craft CMS. Product: Craft CMS. Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. Action: Apply mitigations per v...

Early report Major update Updated Mar 20, 2026, 12:00 AM UTC

Track this event Edit in app More event pages

What changed

CISA Known Exploited Vulnerabilities: CVE-2025-32432: Craft CMS Code Injection Vulnerability.

First seen Mar 20, 2026, 12:00 AM UTC Latest source Mar 20, 2026, 12:00 AM UTC

Update 1 1d ago

CVE-2025-32432: Craft CMS Code Injection Vulnerability

CISA Known Exploited Vulnerabilities •published Mar 20, 2026, 12:00 AM UTC •fetched Mar 20, 2026, 10:19 PM UTC