VDB
CVE-2025-32432
CVE-2025-32432
PUBLISHED
KEV
On April 7, 2025, Craft CMS published a security advisory to address a critical vulnerability in the following product: Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17 Craft CMS has received reports that CVE-2025‑32432 has been exploited. Update 1 On March 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025‑32432 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.
EPSS 93.09% · 99.8th percentile
Risk Scores
EPSS Score
93.09%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Craft | Craft CMS – versions prior to 9.15, 4.14.15 and 5.6.17 |
Exploit Intelligence
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
- CraftCMS CVE-2025-32432 - Clean PoC (github-poc-repo)
…and 321 more exploits
Timeline
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 20, 1970 VulnCheck XDB Entry
- Jan 21, 1970 VulnCheck XDB Entry
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Oct 21, 2021 CrowdSec Sighting
- Sep 27, 2022 CrowdSec Sighting
- Oct 8, 2022 CrowdSec Sighting
- Dec 2, 2022 CrowdSec Sighting