module
Craft CMS Image Transform Preauth RCE (CVE-2025-32432)
| Disclosed |
|---|
| Apr 14, 2025 |
Description
This module exploits an unauthenticated remote code execution vulnerability
in Craft CMS versions 3.x, 4.x, and 5.x. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution
by abusing the Yii behavior gadget chain (PhpManager) on the generate-transform endpoint.
Discovered in the wild by Orange Cyberdefense CSIRT and assigned CVE-2025-32432.
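As an added defender-side example (not part of the module or the Rapid7 page), the following script scans web access-log lines for requests to the generate-transform endpoint described above that carry gadget-chain markers in the decoded URL. The log lines are constructed, the endpoint path pattern and the two markers (the `PhpManager` class name and a PHP namespace separator in what should be a plain transform handle) are assumptions used as a starting heuristic, not a complete signature.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined access-log format (not real traffic).
# The endpoint path is assumed; only the "generate-transform" fragment is matched.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Apr/2025:10:01:02 +0000] "GET /index.php?p=admin/actions/assets/generate-transform&assetId=1&handle=thumb HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Apr/2025:10:01:07 +0000] "POST /index.php?p=admin/actions/assets/generate-transform&assetId=1&handle=yii%5Crbac%5CPhpManager HTTP/1.1" 200 80 "-" "python-requests/2.31"',
    '203.0.113.9 - - [14/Apr/2025:10:01:09 +0000] "GET /index.php?p=admin/login HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
]

# Minimal combined-log parser: client IP, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed heuristic markers: a transform handle is normally a short slug, so a
# PHP namespace separator or the PhpManager class name in the decoded query is
# out of place on this endpoint.
SUSPICIOUS_MARKERS = ("phpmanager", "\\")


def is_transform_request(url):
    """True when the request URL targets the generate-transform action."""
    return "generate-transform" in url.lower()


def flag_generate_transform_requests(lines):
    """Return (ip, timestamp, reasons) for generate-transform requests whose
    URL-decoded query contains a suspicious marker; benign calls are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_transform_request(m["url"]):
            continue
        decoded = unquote(m["url"]).lower()
        reasons = [s for s in SUSPICIOUS_MARKERS if s in decoded]
        if reasons:
            hits.append((m["ip"], m["ts"], ",".join(reasons)))
    return hits


if __name__ == "__main__":
    for hit in flag_generate_transform_requests(SAMPLE_LOG):
        print(hit)
```

Access logs only show the query string, so parameters sent in a POST body need a WAF or application-level request log to be checked the same way.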
