Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

[hackerbot]

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP

Source: https://thehackernews.com/2025/04/hacke ... t-cms.html