Platform: php
Component: craftcms/cms
Fixed in: 5.0.1, 4.0.1, 5.8.22
CVE-2026-25498 is a Remote Code Execution (RCE) vulnerability in Craft CMS. Successful exploitation could allow an attacker to execute arbitrary code on a vulnerable system, potentially leading to complete system compromise. This vulnerability affects versions of Craft CMS up to and including 5.8.9. A patch is available in version 5.8.22.
Successful exploitation of CVE-2026-25498 allows an attacker to execute arbitrary code on the server hosting the Craft CMS application. This could lead to complete system compromise, data exfiltration, and defacement. The vulnerability affects additional endpoints not covered by the previous patch, expanding the attack surface. The blast radius includes any sensitive data stored within the Craft CMS database and any connected systems accessible from the compromised server. This vulnerability builds upon a previously identified RCE, highlighting the importance of applying all security updates promptly.
CVE-2026-25498 is related to a previously disclosed RCE vulnerability (GHSA-255j-qw47-wjh5). Public proof-of-concept (POC) exploits may become available. The vulnerability was published on 2026-02-09. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit status
EPSS: 0.30% (53rd percentile)
CISA SSVC
The primary mitigation for CVE-2026-25498 is to upgrade Craft CMS to version 5.8.22 or later. If immediate upgrade is not possible, review the security advisory for potential temporary workarounds, such as restricting access to the affected endpoints. Consider implementing a Web Application Firewall (WAF) to filter malicious requests targeting these endpoints. Regularly scan your Craft CMS installation for vulnerabilities using automated tools. After upgrading, verify the fix by attempting to access the affected endpoints and confirming that they are properly protected.
Update Craft CMS to version 5.8.22 or later. This version contains the security fix for the remote code execution vulnerability. The update can be performed through the Craft CMS control panel or via Composer.
CVE-2026-25498 is a Remote Code Execution (RCE) vulnerability affecting Craft CMS. It allows attackers to potentially execute arbitrary code on a vulnerable system, similar to a previously patched vulnerability but impacting additional endpoints.
You are likely affected if you are running Craft CMS version 5.8.9 or earlier. It's crucial to assess your environment and upgrade to a patched version to mitigate this risk.
Upgrade Craft CMS to version 5.8.22 or later to address this vulnerability. This update includes the necessary fixes to prevent unauthorized code execution.
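As an added example that is not part of the advisory or the Craft CMS project, the following Python script reads a Composer lock file and reports whether the locked craftcms/cms release is below the patched 5.8.22 version. The composer.lock content is constructed, and treating every release below 5.8.22 as needing the upgrade follows the advisory's mitigation (upgrade to 5.8.22 or later) rather than a precise affected-range list.

```python
"""Flag a craftcms/cms install that still needs the CVE-2026-25498 upgrade."""
import json
import re
from typing import Optional, Tuple

PACKAGE = "craftcms/cms"
FIXED_VERSION = "5.8.22"  # patched release named in the advisory

# Constructed sample composer.lock (only the fields this check reads).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "5.8.9"},
        {"name": "yiisoft/yii2", "version": "2.0.49"},
    ],
    "packages-dev": [],
})


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '5.8.9' or 'v5.8.9' into a comparable tuple; suffixes like '-beta' are ignored."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def installed_version(lock_json: str) -> Optional[str]:
    """Return the locked craftcms/cms version, or None if the package is absent."""
    data = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def needs_upgrade(version: str) -> bool:
    """True when the locked release predates the patched 5.8.22 release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_lock(lock_json: str) -> Tuple[Optional[str], bool]:
    """Return (locked version, needs_upgrade); a missing package is reported as not affected."""
    version = installed_version(lock_json)
    return version, bool(version) and needs_upgrade(version)


if __name__ == "__main__":
    locked, vulnerable = check_lock(SAMPLE_LOCK)
    print(f"{PACKAGE} {locked}: {'UPGRADE to ' + FIXED_VERSION if vulnerable else 'ok'}")
```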