CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 3, 2026
Description
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
EPSS — Exploit Probability
Higher than 99.5% of all CVEs
Required Action
https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
Related Articles (2)
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 20, 2026
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.
Mar 21, 2026
Risk Assessment
HIGH
Details
- Severity: High
- EPSS: 87.7%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 2
Timeline
Published: Mar 20, 2026
Added to KEV: Mar 20, 2026
Remediation Due: Apr 3, 2026