Craft CMS Data Breach
Craft CMS experienced a data breach that was reported on February 20, 2025. Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.
Key Facts
- Organization
- Craft CMS
- Date Reported
- February 20, 2025
- Incident Type
- web app exploit
- Industry
- Technology
- Severity Score
- 5/10
- Confidence Level
- high
- Tags
Source
View original source - External link to primary source documentation
Understanding web app exploit Incidents
Web application exploits target vulnerabilities in websites and APIs. Secure development practices, WAFs, and penetration testing protect against these attacks.