CNNVD-202601-812 Information

Jan 05, 2026 cve

CNNVD ID

CNNVD-202601-812

CVE-2025-68455

CNNVD Published: 2026-01-05

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-RC1版本至5.8.20版本和4.0.0-RC1版本至4.16.16版本存在安全漏洞，该漏洞源于恶意附加行为，可能导致经过身份验证的远程代码执行。

Description (English)

Craft CMS is an open-source CMS content management system. There is a security loophole between Craft CMS Version 5.0.0-RC1 version to 5.8.20 and between 4.0.0-RC1 version to 4.16.16, which stems from malicious additionality and may result in the implementation of an identity-verified remote code.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Craft CMS

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7 https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593 https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5

Patch

https://github.com/craftcms/cms/releases

Share on: