Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities -CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html
