CVE-2025-32432 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-32432 PUBLISHED KEV

On April 7, 2025, Craft CMS published a security advisory to address a critical vulnerability in the following product: Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17 Craft CMS has received reports that CVE-2025‑32432 has been exploited. Update 1 On March 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025‑32432 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

EPSS 89.11% · 99.5th percentile

Risk Scores

EPSS Score

89.11%

99.5th percentile

Affected Products

Vendor	Product	Versions
Craft	Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17

Timeline

Jan 20, 1970 CrowdSec Sighting
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 21, 1970 VulnCheck XDB Entry
Jan 21, 1970 CrowdSec Sighting
Jan 21, 1970 CrowdSec Sighting
Oct 21, 2021 CrowdSec Sighting
Mar 9, 2023 CrowdSec Sighting
Feb 6, 2024 CrowdSec Sighting
Mar 8, 2024 CrowdSec Sighting

References

Open in Interactive Console →