CISA Orders Urgent Patches for Critical CMS Vulnerabilities by May 23

Hackers are already exploiting unpatched CMS systems—including Craft CMS. Will federal agencies meet CISA’s May 23 deadline to block further attacks?

A series of cybersecurity vulnerabilities has prompted urgent action from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agency has ordered federal departments to patch flaws in Craft CMS, Yii Framework, and Commvault Command Center by May 23, 2025. Attackers have already exploited some of these weaknesses to breach systems and deploy malicious tools.

CISA recently added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws in Yii Framework, Commvault Command Center, and Craft CMS. Among them, CVE-2025-32432, a Craft CMS issue, was fixed in versions 3.9.15, 4.14.15, and 5.6.17. Using the Onyphe database, researchers found nearly 35,000 Craft CMS installations, roughly 13,000 of which remained vulnerable.

Federal agencies must now apply patches for these vulnerabilities before the May 23 deadline. The exploits have already been used to upload malicious PHP file managers on compromised servers. CISA’s directive aims to prevent further breaches by closing these security gaps.