Описание
Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites:
- Have a compromised security key (https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret)
- Somehow, manage to create an arbitrary file in Craft’s
/storage/backupsfolder.
With those two pieces in place, you could create a specific, malicious request to the /updater/restore-db endpoint to execute CLI commands remotely.
Fixed in https://github.com/craftcms/cms/commit/a19d46be78a9ca1ea474012a10e97bed0d787f57
Reported by Marco O. (segfault)
Пакеты
craftcms/cms
>= 4.13.8, < 4.16.3
4.16.3
craftcms/cms
>= 5.5.8, < 5.8.4
5.8.4
Связанные уязвимости
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requirements: have a compromised security key and create an arbitrary file in Craft's /storage/backups folder. With those criteria in place, attackers could create a specific, malicious request to the /updater/restore-db endpoint and execute CLI commands remotely. This issue is fixed in versions 4.16.3 and 5.8.4.