Uncovering the Massive Cyber Breach: Key Vulnerabilities in Craft CMS Under Attack

Uncovering the Massive Cyber Breach: Key Vulnerabilities in Craft CMS Under Attack

framework used by Craft CMS.

CVE-2024-58137 (CVSS score: 9.8) – A blind SQL injection vulnerability in the Craft CMS control panel.

It is with an urgent call to action that we report on a new series of attacks, taking advantage of two critical security flaws in Craft CMS.

The exploited vulnerabilities, CVE-2024-58136 and CVE-2024-58137 were discovered being leveraged in the wild on February 14, 2025 by cybersecurity experts at Orange Cyberdefense SensePost.

The Threat in Detail

These flaws in the widely utilized Craft CMS can allow a threat actor to chain the vulnerabilities, subsequently breaching servers and gaining unauthorized access.

The first flaw, an improper protection of alternate path in the Yii PHP framework used by Craft CMS, has a CVSS Score of 9.0.

The second flaw, a blind SQL injection vulnerability in the Craft CMS control panel, has an even higher CVSS score of 9.8, deeming it extremely critical.

What makes this sequence of attacks particularly concerning is its method.

By first exploiting the server-level vulnerability (CVE-2024-58136), the threat actor is able to alter the code-flow within the CMS.

The attacker then uses this unauthorized control to inject malicious SQL commands (CVE-2024-58137) into the backend of the website hosted by the CMS.

With control over the database, cybercriminals can manipulate the data, credentials, and content of the site.

A Timely Response

Craft CMS, upon being alerted of these vulnerabilities, has already released an emergency patch that rectifies these security flaws.

The patch is available for immediate download via their official website.

Craft CMS users are urged to apply this security patch as soon as possible to hinder potential compromise of their servers.

Tips for Administrators

As an administrator, it’s crucial to not only apply the latest patches as soon as they are available but should also practice proactive security measures.

Regularly review and limit user access rights, segregate network systems, enforce strong password policies, and consistently backup critical data.

It’s also recommended to use threat detection tools and subscribe to professional cybersecurity services to better guard against threats.

AegisLens

Stay ahead of cyber threats with AegisLens. Get real-time CVE updates, expert insights, and tools to secure your world. #CyberSecurity #ThreatIntel #Infosec
Inside the Jaguar Land Rover Cyberattack: What We Know (and What It Means)

Inside the Jaguar Land Rover Cyberattack: What We Know (and What It Means)

Bitdefender Enhances Business Email Security with Mesh Acquisition: A Power-Shift for MSPs

Bitdefender Enhances Business Email Security with Mesh Acquisition: A Power-Shift for MSPs

CISA Alert: Linux Vulnerability Targeted by Cyber Attackers with Proven Exploit

Breaking Down the Exploitation of Google Chrome Zero-Day CVE-2025-2783 by TaxOff for Trinper Backdoor Deployment

Breaking Down the Exploitation of Google Chrome Zero-Day CVE-2025-2783 by TaxOff for Trinper Backdoor Deployment

Understanding the Recurring Zyxel Firewall Vulnerability: A Focus on Network Security

Understanding the Sitecore CMS Exploit Chain: The Role of Hardcoded ‘b’ Password

Understanding the Sitecore CMS Exploit Chain: The Role of Hardcoded ‘b’ Password

Leave a Reply