CyberSecurity Malaysia

1.0 Introduction
Recently, Craft CMS has identified two high-severity vulnerabilities that allow remote attackers to execute malicious code on affected installations. These vulnerabilities are being actively exploited in the wild and affect multiple major versions of Craft CMS.

2.0 Impact
The vulnerability CVE-2024-56145 allows unauthenticated remote attackers to execute arbitrary PHP code if register_argc_argv is enabled, potentially leading to full system compromise and data breaches. CVE-2025-35939 vulnerability allows attackers to inject PHP code into session files, which can be exploited via file inclusion to execute code and compromise the system.

3.0 Affected Products
Craft CMS (CVE-2024-56145)

Version 4.0.0-RC1 through 4.13.2
Version 5.0.0-RC1 through 5.5.2
Version 3.0.0 through 3.9.14

Craft CMS (CVE-2025-35939)

All Versions prior to 5.7.5
All Versions prior to 4.15.3

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Craft CMS Security Bulletin and apply the necessary updates.

Kindly refer to the following URLs for more information:

Generally, we advise the users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact the Cyber999 Incident Response Team through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.cybersecurity.my

5.0 References

Select User Category

Select User Category

Select User Category

Select User Category

Cyber999 Advisories

MA-1341.062025: MyCERT Advisory - Actively Exploited Critical Vulnerabilities in Craft CMS

Search

Type

Archives