{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Craft CMS Crisis: The 10.0-Rated RCE Flaw Every Developer Must Patch Now","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/7852c293\"></iframe>","width":"100%","height":180,"duration":891,"description":"A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required. In this urgent episode, we break down: 💥 Why this flaw scores a perfect 10.0 CVSS—the highest severity rating possible. 🔍 How hackers are exploiting it: From stealing data to uploading PHP web shells (like filemanager.php) for persistent access. 🛠️ The root cause: A Yii framework regression (CVE-2024-58136) that lets attackers hijack servers via crafted __class payloads. 🌍 Real-world attacks: Evidence of in-the-wild exploitation since February 2025, with 13,000+ vulnerable instances still exposed. ⚡ The Metasploit factor: How a public exploit module is lowering the bar for cybercriminals. 🔒 Patch or perish: Why updating to Craft CMS 3.9.15/4.14.15/5.6.17 and Yii 2.0.52+ is non-negotiable. Plus: Indicators of Compromise (IOCs) to check if you’ve been hit, and why \"just patching\" isn’t enough—malicious files persist even after updates. If you run Craft CMS, this episode is a must-listen. Tune in before your server becomes the next victim.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}