Security Advisories - craftcms/cms - Packagist

craftcms/cms Security Advisories for 4.14.0.1 (3)

[MEDIUM] Craft CMS stores arbitrary content provided by unauthenticated users in session files

PKSA-ht16-h36v-hxc7 CVE-2025-35939 GHSA-7vrx-9684-xrf2

Affected version: <4.15.3|>=5.0.0-alpha.1,<5.7.5

Reported by:
GitHub
[HIGH] Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

PKSA-8gxy-mg5h-z15w CVE-2025-46731 GHSA-7c58-g782-9j38

Affected version: >=5.0.0-RC1,<=5.6.14|>=4.0.0-RC1,<=4.14.12

Reported by:
GitHub
[CRITICAL] Craft CMS Allows Remote Code Execution

PKSA-5c44-5nbz-c7cq CVE-2025-32432 GHSA-f3gw-9ww9-jmc3

Affected version: >=5.0.0-RC1,<=5.6.16|>=4.0.0-RC1,<=4.14.14|>=3.0.0-RC1,<=3.9.14

Reported by:
GitHub

	
		OSZAR »