The CVE-2025-23209 vulnerability only becomes an issue if an attacker has already obtained this security key, which opens the way to decrypt sensitive data, generate fake authentication tokens, or inject and execute malicious code remotely. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. Along with CVE-2025-23209, CISA also added a vulnerability in Palo Alto Networks firewalls (CVE-2025-0111) to the Known Exploited Vulnerability catalog, setting the same deadline for March 13. In Craft CMS, the security key is a cryptographic key that secures user authentication tokens, session cookies, database values, and sensitive application data. For the PAN-OS versions that address this flaw, impacted users can check out Palo Alto Networks' security bulletin. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. This is a file read vulnerability impacting PAN-OS firewalls, which the vendor disclosed is exploited by hackers as part of an exploit chain with CVE-2025-0108 and CVE-2024-9474. The flaw has been patched in Craft version 5.5.8 and 4.13.8, so users are recommended to upgrade to those releases or later as soon as possible. If you suspect compromise, it is recommended that you delete old keys contained in '.env' files and generate new ones using php craft setup/security-key command.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 21 Feb 2025 16:00:18 +0000