craftcms/cms Security Advisories for 5.7.1.1 (3)
- [MEDIUM] Craft CMS Potential Remote Code Execution via Twig SSTI
  PKSA-cbq7-fhfn-fyt5 CVE-2025-57811 GHSA-crcq-738g-pqvc
  Affected version: >=5.0.0-RC1,<=5.8.6|>=4.0.0-RC1,<=4.16.5
  Reported by: GitHub
- [MEDIUM] Craft CMS has a theoretical bypass for CVE-2025-23209
  PKSA-xnt5-5jkh-xr5x CVE-2025-54417 GHSA-2vcf-qxv3-2mgw
  Affected version: >=5.5.8,<5.8.4|>=4.13.8,<4.16.3
  Reported by: GitHub
- [MEDIUM] Craft CMS stores arbitrary content provided by unauthenticated users in session files
  PKSA-ht16-h36v-hxc7 CVE-2025-35939 GHSA-7vrx-9684-xrf2
  Affected version: <4.15.3|>=5.0.0-alpha.1,<5.7.5
  Reported by: GitHub