CVE-2025-68455
Published: 05 January 2026
Summary
CVE-2025-68455 is a high-severity Unsafe Reflection (CWE-470) vulnerability in Craftcms Craft Cms. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely patching to fixed Craft CMS versions 5.8.21 or 4.16.17 to eliminate the RCE vulnerability.
Vulnerability scanning identifies affected Craft CMS versions in the specified ranges, enabling prioritization for remediation.
Least privilege limits administrator access to the Craft Control Panel, reducing the attack surface for authenticated exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authenticated RCE in public-facing Craft CMS directly matches exploitation of a vulnerable web application for code execution on the server.
NVD Description
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel…
more
for this to work. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
Deeper analysisAI
CVE-2025-68455 affects Craft CMS, a platform for creating digital experiences, specifically versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16. The vulnerability enables potential authenticated remote code execution via a malicious attached Behavior and is associated with CWE-470. It has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H), indicating high confidentiality, integrity, and availability impacts under network access with low complexity but requiring high privileges.
Exploitation requires an attacker to have administrator access to the Craft Control Panel. With this access, the attacker can leverage a malicious attached Behavior to achieve remote code execution on the affected system, potentially compromising the server hosting the Craft CMS instance.
Craft CMS advisories and changelog entries recommend updating to patched versions 5.8.21 and 4.16.17 to mitigate the issue. Relevant details are available in the GitHub security advisory (GHSA-255j-qw47-wjh5) and specific commits addressing the vulnerability.
Details
- CWE(s)