Known exploited
Craft CMS
CVE published 2025-02-20
CVE-2025-23209
CVE-2025-23209 is a Craft CMS code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-20. The supplied corpus confirms known exploitation status and provides a vendor-directed response: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable. The corpus does not include affected versions, severity, or exploit mechanics.