
CVE-2025-23209: Craft CMS has a potential RCE with a compromised security key

CVSS Score: 8.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.88229%
Published: 1/21/2025
Updated: 1/21/2025
KEV Status: Yes
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Package Name   Ecosystem   Vulnerable Versions       First Patched Version
craftcms/cms   composer    >= 5.0.0-RC1, < 5.5.5     5.5.8
craftcms/cms   composer    >= 4.0.0-RC1, < 4.13.8    4.13.8

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from insufficient validation in the database restoration process. The commit diff shows added path validation using FileHelper::isWithin, indicating the original code accepted user-controlled 'dbBackupPath' without checks. With a compromised security key, attackers could forge signed requests to execute arbitrary code through malicious database restore operations. The CWE-94 classification and patch context confirm this is a code injection vector via uncontrolled path input.
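The containment check described above, as an added PHP example that is not Craft's code: isWithinDir, validateRestorePath and the temporary backup directory are assumptions, and the page's FileHelper::isWithin is only the model for the check, not what is shown here.

```php
<?php
// Containment check modelled on the idea behind FileHelper::isWithin (an assumption;
// this is not Craft's implementation). True only if $path resolves to a location
// strictly inside $parentPath after symlinks and ".." segments are resolved.
function isWithinDir(string $path, string $parentPath): bool
{
    $parent = realpath($parentPath);
    if ($parent === false) {
        return false; // refuse rather than guess when the parent does not exist
    }
    // The restore target may not exist yet: resolve its directory, re-attach the basename.
    $resolved = realpath($path);
    if ($resolved === false) {
        $dir = realpath(dirname($path));
        if ($dir === false) {
            return false;
        }
        $resolved = $dir . DIRECTORY_SEPARATOR . basename($path);
    }
    // Trailing separator so "/backups-evil" is not treated as inside "/backups".
    $prefix = rtrim($parent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($resolved, $prefix, strlen($prefix)) === 0;
}

// Hypothetical restore entry point: reject any dbBackupPath that escapes the
// configured backup directory before anything is read or executed.
function validateRestorePath(string $backupDir, string $dbBackupPath): string
{
    if (!isWithinDir($dbBackupPath, $backupDir)) {
        throw new InvalidArgumentException("Backup path escapes backup directory: $dbBackupPath");
    }
    return $dbBackupPath;
}

// Constructed demo: a temporary backup directory holding one dummy dump file.
$backupDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'craft-backups-demo';
if (!is_dir($backupDir)) {
    mkdir($backupDir, 0700, true);
}
file_put_contents($backupDir . DIRECTORY_SEPARATOR . 'site.sql', "-- constructed sample dump\n");
foreach ([
    $backupDir . '/site.sql',                       // the dump itself
    $backupDir . '/../craft-backups-demo/site.sql', // same file reached via "..", still inside
    $backupDir . '/../../outside.sql',              // resolves outside the backup directory
] as $candidate) {
    try {
        validateRestorePath($backupDir, $candidate);
        echo "ACCEPT $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECT $candidate\n";
    }
}
```

Only the third candidate is rejected; the second shows why the check must compare resolved paths rather than the raw string, since a naive prefix test on the unresolved input would have rejected a legitimate file.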


Impact

This is an RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret Anyone running an unpatched version of Cr
