CVE-2025-54417 | Craft CMS up to 4.16.2/5.8.3 /storage/backups code injection (GHSA-2vcf-qxv3-2mgw)

Inserito da Angelo Barbosa | Ago 9, 2025 | CVE

A vulnerability was found in Craft CMS up to 4.16.2/5.8.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /storage/backups. The manipulation leads to code injection.

This vulnerability is known as CVE-2025-54417. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-54417 | Craft CMS up to 4.16.2/5.8.3 /storage/backups code injection (GHSA-2vcf-qxv3-2mgw)

Post correlati

CVE-2023-52689 | Linux Kernel up to 6.7.1 ALSA scarlett2_meter_ctl_get meter_level_map[] Privilege Escalation (74e3de7cdcc3/993f7b42fa06)

CVE-2025-24667 | Eniture Technology Small Package Quotes Plugin up to 5.2.17 on WordPress sql injection

CVE-2024-7412 | No Update Nag Plugin up to 1.4.12 on WordPress information disclosure

CVE-2024-10082 | Ericsson CodeChecker up to 6.24.1 authentication bypass (GHSA-fpm5-2wcj-vfr7)