CISA Issues Urgent Warning as Hackers Exploit Critical Craft CMS Vulnerability

CISA warns of a critical Craft CMS flaw (CVE-2025-32432) allowing remote code execution. Agencies must patch by April 3, 2026.

By Content Team

Mar 24, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

CISA added a critical Craft CMS vulnerability (CVE-2025-32432) to its Known Exploited Vulnerabilities catalog after confirming active attacks in the wild. The code injection flaw allows remote attackers to execute arbitrary code on servers without authentication, potentially giving them complete control over affected systems.

Threat actors can modify websites, steal database records, or use compromised servers as launching points for deeper network attacks. Federal agencies must patch by April 3, 2026, under BOD 22-01, while CISA urges all organizations using the popular content management system to treat this as high priority and apply security updates immediately.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Conduent Data Breach Exposes Nearly 17,000 Volvo Group Employees' Personal Information

Feb 15, 2026

TeamPCP Hackers Launch Massive Supply Chain Attack Across Open Source Ecosystem

Mar 25, 2026

European Commission Hit by Major Data Breach Through Supply Chain Attack

Apr 5, 2026

Russian Hackers Exploit Microsoft Office Zero-Day in Eastern Europe Attacks

Feb 3, 2026