CNNVD-202508-804 Information

CNNVD ID

CNNVD-202508-804

Related CVE

CVE-2025-54417

• CNNVD Published: 2025-08-09

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 4.13.8版本至4.16.2版本和5.5.8版本至5.8.3版本存在代码注入漏洞，该漏洞源于安全密钥被破坏时可能允许远程代码执行。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS 4.13.8 to 4.16.2 and 5.5.8 to 5.8.3 had a code-injection loophole, which stemmed from the possibility of allowing remote code execution when the security key was destroyed.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

Craft CMS

Published

2025-08-09

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/security/advisories/GHSA-2vcf-qxv3-2mgw https://github.com/craftcms/cms/commit/a19d46be78a9ca1ea474012a10e97bed0d787f57 https://nvd.nist.gov/vuln/detail/CVE-2025-54417 https://access.redhat.com/security/cve/cve-2025-54417

Patch

https://github.com/craftcms/cms/releases