AIKIDO-2025-10004

craftcms/cms is vulnerable to Remote Code Execution (RCE)

70

High

craftcms/cms php

AIKIDO-2025-10004: craftcms/cms is vulnerable to Remote Code Execution (RCE) in versions 5.0.0 - 5.5.7, 4.0.0 - 4.13.7 and 3.0.0 - 3.9.13.

Remote Code Execution (RCE)
Vuln in 3.0.0 - 3.9.13
Fixed in 3.9.14
Vuln in 4.0.0 - 4.13.7
Fixed in 4.13.8
Vuln in 5.0.0 - 5.5.7
Fixed in 5.5.8
No CVE available
TL;DR

Who does this affect?

How can it be fixed?

Background info

Link to vendor website

Logo
ยฉ 2024 Aikido Security BV | BE0792914919
๐Ÿ‡ช๐Ÿ‡บ Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
๐Ÿ‡ช๐Ÿ‡บ Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
๐Ÿ‡บ๐Ÿ‡ธ Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
Any use of the intel.aikido.dev website and content is explicitly subject to Aikido Terms of Use