{"vulnerability": "CVE-2025-32432", "sightings": [{"uuid": "79ddd220-493d-4cb4-9f95-237afeb2bf67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114410089366436743", "content": "", "creation_timestamp": "2025-04-27T13:10:21.366551Z"}, {"uuid": "15b4a516-6b89-4f59-9e5f-857315b43b38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3lqbdcgfxm52m", "content": "", "creation_timestamp": "2025-05-28T23:12:32.660588Z"}, {"uuid": "0235a572-37e3-4383-9047-a71047522a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3lq5nftphue2a", "content": "", "creation_timestamp": "2025-05-27T12:02:45.232682Z"}, {"uuid": "a63a4510-4228-4172-9aec-289077023d95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lnpibbkwak2k", "content": "", "creation_timestamp": "2025-04-26T10:03:04.544798Z"}, {"uuid": "e41a9244-80f7-4b79-96da-ce47c3391032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lnqektzfev2v", "content": "", "creation_timestamp": "2025-04-26T18:29:29.992608Z"}, {"uuid": "d607c605-839b-4f3d-a6a0-26ef76830811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnqn3vhrgh2c", "content": "", "creation_timestamp": "2025-04-26T21:02:11.836693Z"}, {"uuid": "9bea58b5-841e-4fda-8b1f-a221df9fd44f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lnr6s3bus226", "content": "", "creation_timestamp": "2025-04-27T02:18:49.838814Z"}, {"uuid": "f2e5db84-dce9-48bb-b9e8-5e96c2c23b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lqb5d5wp6fa2", "content": "", "creation_timestamp": "2025-05-28T21:27:06.186654Z"}, {"uuid": "12316594-dc1e-4de9-a169-74fa5fe4b9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4135365", "content": "", "creation_timestamp": "2025-06-02T17:59:18.059053Z"}, {"uuid": "dd201873-abbf-4d38-bb19-85c0aad994f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3lqc66ym5zs2k", "content": "", "creation_timestamp": "2025-05-29T07:13:48.576564Z"}, {"uuid": "1467772d-020f-4bdc-be0d-2745e27aea81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/dasgeldco.bsky.social/post/3ltgdvsqejf2p", "content": "", "creation_timestamp": "2025-07-08T03:22:16.437212Z"}, {"uuid": "56516e1f-aa8d-4e97-8645-855572a87aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/onyphe.io/post/3lnnkxcegak22", "content": "", "creation_timestamp": "2025-04-25T15:45:50.918179Z"}, {"uuid": "1351a50b-4f5b-4f29-84f3-7a9b338a6d54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114399621496612469", "content": "", "creation_timestamp": "2025-04-25T16:48:14.443526Z"}, {"uuid": "4dc7c9a8-a728-46da-9d2e-ab48b8c318e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lnnwc6kg2d2m", "content": "", "creation_timestamp": "2025-04-25T19:08:48.092668Z"}, {"uuid": "ce9dcca7-bbe7-4dd8-b8d5-f32072644eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lnony6qhj42b", "content": "", "creation_timestamp": "2025-04-26T02:12:42.021640Z"}, {"uuid": "f098f185-9be1-4c48-a56f-64deb27115f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lnpckqomss2n", "content": "", "creation_timestamp": "2025-04-26T08:20:59.979351Z"}, {"uuid": "44684f7c-7b6a-4933-8e21-731d66320108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3lnu2mnja672d", "content": "", "creation_timestamp": "2025-04-28T05:42:11.721890Z"}, {"uuid": "94ab2385-eca3-43c6-8aff-639d8473e14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lnugzwrqe226", "content": "", "creation_timestamp": "2025-04-28T09:24:24.341652Z"}, {"uuid": "7b0e508d-59a9-4af4-a7d4-9ab1556dc7ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lnuj7finrt2f", "content": "", "creation_timestamp": "2025-04-28T10:03:13.442763Z"}, {"uuid": "01336484-3828-4a9c-b80d-032b4fec7940", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lnuipythkc2r", "content": "", "creation_timestamp": "2025-04-28T09:54:36.706233Z"}, {"uuid": "cff0b03a-3938-4e84-9376-6e6ca4e6e461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lnxilz3tmcu2", "content": "", "creation_timestamp": "2025-04-29T14:30:38.338518Z"}, {"uuid": "2379692d-a729-479e-8721-2655a59fb18c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnvrea65pc2y", "content": "", "creation_timestamp": "2025-04-28T22:01:50.962467Z"}, {"uuid": "f5f988b7-e49e-4c12-973f-17302d5718c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnvtraear22y", "content": "", "creation_timestamp": "2025-04-28T22:44:52.488840Z"}, {"uuid": "2c436a37-8221-4b1c-aa84-e6d03dcf6adb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lnw7k4t3fq24", "content": "", "creation_timestamp": "2025-04-29T02:15:35.545847Z"}, {"uuid": "3e2334b0-68f9-4019-a892-0052f2ffb1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-32432.yaml", "content": "", "creation_timestamp": "2025-04-28T17:52:18.000000Z"}, {"uuid": "e1beda28-6bac-4c41-8a19-44101d4eeaf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnwseuzbx272", "content": "", "creation_timestamp": "2025-04-29T07:53:36.422444Z"}, {"uuid": "749194c4-a19c-4450-9514-b2d65fdc7294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/3929485", "content": "", "creation_timestamp": "2025-05-02T18:20:15.310059Z"}, {"uuid": "5a104e82-1eee-4812-b832-c8c5f4521583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lo57i2urhi23", "content": "", "creation_timestamp": "2025-05-01T21:03:09.778756Z"}, {"uuid": "d6f14e5c-0186-4bb7-898b-2e090728bc5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lnumkjrsuu2e", "content": "", "creation_timestamp": "2025-04-28T11:03:08.872281Z"}, {"uuid": "dfc2e78d-76f7-4ad9-87ec-f4ab92a277c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lnuzospwqr2g", "content": "", "creation_timestamp": "2025-04-28T14:58:11.666410Z"}, {"uuid": "25eea6bc-b878-4920-a251-b4777724cc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/kriware.bsky.social/post/3lo3leueicp2g", "content": "", "creation_timestamp": "2025-05-01T05:30:42.149077Z"}, {"uuid": "57e039aa-ecf4-4683-801e-47c90159d8d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lo7pvri64s2q", "content": "", "creation_timestamp": "2025-05-02T21:02:26.763554Z"}, {"uuid": "e24a278c-4288-4b3d-be0f-dcfac2e50c5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/virusbtn.bsky.social/post/3lq7vn4kk3c2k", "content": "", "creation_timestamp": "2025-05-28T09:35:27.302803Z"}, {"uuid": "ebb285e7-ff3e-41ec-b0f6-284e51033e57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lqa4mwykjwn2", "content": "", "creation_timestamp": "2025-05-28T11:40:37.736706Z"}, {"uuid": "9fa55a61-64de-45d6-bce8-ac0ae5d4179f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lqa4nccaehn2", "content": "", "creation_timestamp": "2025-05-28T11:41:10.076887Z"}, {"uuid": "dc2bf2a6-4b5b-4cce-afc5-ee6ef106174c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqa57k3rmen2", "content": "", "creation_timestamp": "2025-05-28T11:51:03.265080Z"}, {"uuid": "2af79c49-361b-4751-8538-2bfc4b04d7f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/cti-news.bsky.social/post/3lqa4qbu62l2w", "content": "", "creation_timestamp": "2025-05-28T11:42:21.348617Z"}, {"uuid": "6b1d0761-efbf-4aae-a2ab-ae163dc621f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-32432", "type": "seen", "source": "https://bsky.app/profile/montxt.bsky.social/post/3lqa4zznda52t", "content": "", "creation_timestamp": "2025-05-28T11:47:48.481887Z"}, {"uuid": "ad7268de-058b-44fa-b899-ad7f4c1ccec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lqa5lfljdm24", "content": "", "creation_timestamp": "2025-05-28T11:57:31.675986Z"}, {"uuid": "7851d4ae-f197-435d-b242-d8b36f6acba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/techit.bsky.social/post/3lqahxsolu42m", "content": "", "creation_timestamp": "2025-05-28T15:03:25.428037Z"}, {"uuid": "7d33531d-520a-4181-add0-b719606da84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/rollinstudios.bsky.social/post/3lpufymdmns2t", "content": "", "creation_timestamp": "2025-05-23T19:56:12.610899Z"}, {"uuid": "601fd4b3-2e84-4ec6-a05b-31f84c7fdb7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lqa5xhlpiz2u", "content": "", "creation_timestamp": "2025-05-28T12:04:16.605177Z"}, {"uuid": "817dbe7f-2194-472e-ac8b-69609ef4005f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:04.000000Z"}, {"uuid": "2c448197-3a2f-4a4b-8616-920e882327e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.bsky.social/post/3lqajurc2yc27", "content": "", "creation_timestamp": "2025-05-28T15:37:35.192881Z"}, {"uuid": "dc0b3d46-8c11-479e-bf52-c1857df201f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html", "content": "", "creation_timestamp": "2025-05-28T09:00:00.000000Z"}, {"uuid": "b81891af-b0e5-470c-a882-188ec8111b43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbwrzi32f", "content": "", "creation_timestamp": "2025-08-03T21:02:53.454262Z"}, {"uuid": "cd833243-f5d8-46ec-8193-ab7cf55e065e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mhlwkasrca2h", "content": "", "creation_timestamp": "2026-03-21T21:03:05.143760Z"}, {"uuid": "4e5ad1cc-6484-4a53-8999-6f7967734104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb", "content": "", "creation_timestamp": "2025-05-01T11:52:11.000000Z"}, {"uuid": "8e5d2e0e-d810-467b-9191-abd6a536163d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/riskscore.bsky.social/post/3mhobye4xdu23", "content": "", "creation_timestamp": "2026-03-22T19:33:04.432228Z"}, {"uuid": "a66954a1-7935-44da-b554-bdfadaa7832e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/riskscore.bsky.social/post/3mhok7jz3kh2s", "content": "", "creation_timestamp": "2026-03-22T22:00:15.435336Z"}, {"uuid": "4ede67e4-d152-4400-8461-3ce18149a899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mhqgvhjmb32r", "content": "", "creation_timestamp": "2026-03-23T16:06:15.563591Z"}, {"uuid": "981769b6-36c7-40a8-bf7a-56bed8d30578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/alexandreborges.bsky.social/post/3mca7arbp6k2o", "content": "", "creation_timestamp": "2026-01-12T14:00:53.551101Z"}, {"uuid": "e0bd6cc8-bcfe-4146-aabc-5e112b2487c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/craft-cms-security-advisory-av25-300", "content": "", "creation_timestamp": "2026-03-23T14:35:40.000000Z"}, {"uuid": "adef3943-3a0b-47cd-b235-64c22c3a4752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mhpxi6agt252", "content": "", "creation_timestamp": "2026-03-23T11:30:29.338138Z"}, {"uuid": "3609c0e8-8026-437c-893c-527052f04c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mhsxurvh4325", "content": "", "creation_timestamp": "2026-03-24T16:15:26.540803Z"}, {"uuid": "7e53b494-8b0d-4e4d-bfaf-37283d974b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mhivagfufo2k", "content": "", "creation_timestamp": "2026-03-20T16:01:38.238958Z"}, {"uuid": "025782bd-92dc-4987-88c9-db20c8b3c4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6e3ce59b-1090-48f9-b214-2ccdb4a34d1b", "content": "", "creation_timestamp": "2026-03-20T16:00:10.057861Z"}, {"uuid": "932771af-f21a-44a7-be71-86251598e4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116262336964134871", "content": "", "creation_timestamp": "2026-03-20T16:01:16.685463Z"}, {"uuid": "5c02e9b9-e1c5-4116-a82c-b4802271dcde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog", "content": "", "creation_timestamp": "2026-03-20T12:00:00.000000Z"}, {"uuid": "ad938880-b3de-48e6-afa9-7a23417980fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6059882", "content": "", "creation_timestamp": "2026-03-20T16:07:02.580141Z"}, {"uuid": "0511edcf-575c-496b-a0fc-02ca855ec9ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mhq7zmhtk72z", "content": "", "creation_timestamp": "2026-03-23T14:03:19.167086Z"}, {"uuid": "15b759b0-76a1-4c20-bb2a-11d0046a40c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhw2ejbcj22z", "content": "", "creation_timestamp": "2026-03-25T21:38:02.033541Z"}, {"uuid": "476db8ad-a2cd-49fa-bcd8-1c9cc117366d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://gist.github.com/alon710/9ae22252a01711933c801903c50fff8f", "content": "", "creation_timestamp": "2026-01-24T21:30:29.000000Z"}, {"uuid": "40cabca0-d71c-43db-98ca-ae0c28fbfe17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://gist.github.com/alon710/e589cf0bc7a54574edafd652b4a30658", "content": "", "creation_timestamp": "2026-01-24T21:30:30.000000Z"}, {"uuid": "4472fb72-e636-4685-b5d7-c2306dc5cc0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/codeby_sec/10020", "content": "RCE \u0437\u0430 \u0442\u0440\u0438 \u0448\u0430\u0433\u0430: \u043a\u0430\u043a \u0447\u0438\u0442\u0430\u0442\u044c CVE advisory \u0438 \u043d\u0435 \u043e\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0430 CVSS-\u0431\u0430\u043b\u043b\u0435\n\n\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0435\u0440\u043e\u0432 \u0441\u043c\u043e\u0442\u0440\u044f\u0442 \u043d\u0430 \u043d\u043e\u0432\u0443\u044e CVE, \u0437\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442 \u0446\u0438\u0444\u0440\u0443 9.8 \u0438 \u0438\u0434\u0443\u0442 \u0434\u0430\u043b\u044c\u0448\u0435. \u041c\u0435\u0436\u0434\u0443 \u0442\u0435\u043c \u0432 \u0442\u0435\u043a\u0441\u0442\u0435 advisory \u0443\u0436\u0435 \u043b\u0435\u0436\u0438\u0442 \u0433\u043e\u0442\u043e\u0432\u044b\u0439 \u0440\u0435\u0446\u0435\u043f\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u2014 \u0435\u0441\u043b\u0438 \u0437\u043d\u0430\u0442\u044c, \u043a\u0443\u0434\u0430 \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\ud83d\udd0d \u0422\u0440\u0438 \u0444\u0430\u0437\u044b \u0434\u043b\u044f \u043b\u044e\u0431\u043e\u0433\u043e PHP/JS-\u0441\u0442\u0435\u043a\u0430:\n\n1. \u0414\u0435\u043a\u043e\u043c\u043f\u043e\u0437\u0438\u0446\u0438\u044f advisory \u2014 \u0447\u0438\u0442\u0430\u0442\u044c NVD, GHSA \u0438 CISA KEV. \u0412\u0435\u043a\u0442\u043e\u0440 AV:N/AC:L/PR:N/UI:N \u0441\u0440\u0430\u0437\u0443 \u0433\u043e\u0432\u043e\u0440\u0438\u0442: pre-auth RCE, \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\n2. Patch diffing \u2014 \u043a\u043e\u043c\u043c\u0438\u0442 \u0438\u0437 GHSA \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0442\u043e\u0447\u043a\u0443 \u0432\u0445\u043e\u0434\u0430. \u0417\u0430\u043c\u0435\u043d\u0430 unserialize() \u0438\u043b\u0438 dol_eval() \u2014 \u0432\u0430\u0448 \u043c\u0430\u044f\u043a\n3. \u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u0434\u043e PoC \u2014 CWE-\u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043a\u0430\u043a \u043a\u0430\u0440\u0442\u0430: CWE-502 \u2192 gadget chain, CWE-22 \u2192 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0430 payload\n\n\u0420\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u044b CVE-2025-32432 \u0432 Craft CMS (CVSS 10.0, CISA KEV) \u0438 CVE-2025-55182 \u0432 React Server Components \u2014 \u043e\u0442 advisory \u0434\u043e \u0448\u0435\u043b\u043b\u0430.\n\nhttps://codeby.net/threads/ekspluatatsiya-cve-v-veb-prilozheniyakh-ot-chteniya-advisory-do-rce-za-tri-shaga.92809/", "creation_timestamp": "2026-04-23T06:43:54.000000Z"}, {"uuid": "05e8576c-1cd6-4201-b4bb-88b751bf767f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://gist.github.com/alon710/d7aaf1c76ca3b28f6e9c13a27aff2873", "content": "", "creation_timestamp": "2026-01-24T22:42:31.000000Z"}, {"uuid": "711e2483-03d9-4e75-80be-0fc70b9e4601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mhw3shrp722z", "content": "", "creation_timestamp": "2026-03-25T22:03:45.971743Z"}, {"uuid": "b099cec8-12a3-4da3-8dca-910ec0d238ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/44221", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32432\nURL\uff1ahttps://github.com/B1ack4sh/Blackash-CVE-2025-32432\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-16T09:27:49.000000Z"}, {"uuid": "930bfcd7-e8cb-4cd3-853f-ae6429ecd396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32432\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.\n\ud83d\udccf Published: 2025-04-25T15:04:06.272Z\n\ud83d\udccf Modified: 2025-04-29T03:55:14.713Z\n\ud83d\udd17 References:\n1. https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3\n2. https://github.com/craftcms/cms/commit/e1c85441fa47eeb7c688c2053f25419bc0547b47\n3. https://github.com/craftcms/cms/blob/3.x/CHANGELOG.md#3915---2025-04-10-critical\n4. https://github.com/craftcms/cms/blob/4.x/CHANGELOG.md#41415---2025-04-10-critical\n5. https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5617---2025-04-10-critical", "creation_timestamp": "2025-04-29T04:11:16.000000Z"}, {"uuid": "9e512130-135f-4cfe-8867-7f9d44f2a6f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "Telegram/-eVtmnn41aX142EGm4PDd1vAvsYrV5qccUCeh8-YPAmHevg", "content": "", "creation_timestamp": "2025-07-16T15:00:06.000000Z"}, {"uuid": "779367f0-091d-460e-ac3d-5194f284dae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkmxnu7ptt2v", "content": "\ud83d\udea8 New Exploit: Craft CMS 5.6.16 - RCE\n\ud83d\udccb CVE: CVE-2025-32432\n\ud83d\udc64 Author: banyamer\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52525\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2025-32432", "creation_timestamp": "2026-04-29T11:11:09.838016Z"}, {"uuid": "aad9c7f2-fc34-4055-9248-a06eeca8595d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/34366", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCraftCMS RCE Checker (CVE-2025-32432)\nURL\uff1ahttps://github.com/Chocapikk/CVE-2025-32432\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-26T23:40:15.000000Z"}, {"uuid": "b35fb11f-b5ac-43f9-ba6b-f72dae16458d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/34428", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-32432 checker and exploit \nURL\uff1ahttps://github.com/ibrahimsql/CVE-2025-32432\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-27T13:32:40.000000Z"}, {"uuid": "3a90b521-df5c-4a15-8151-b7e2692d2d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/34407", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aProof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054\nURL\uff1ahttps://github.com/Sachinart/CVE-2025-32432\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-27T08:55:00.000000Z"}, {"uuid": "849bba86-1047-4efc-b723-a25a99743048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "Telegram/zQWZRmlZZJlnuRGMIjUF1jUVSyI94XK8md6pgqoM1JwlMZE", "content": "", "creation_timestamp": "2025-09-23T09:00:05.000000Z"}, {"uuid": "65002ae3-e8d1-4290-8f49-3f006e1ac444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/290", "content": "1. https://github.com/Sachinart/CVE-2025-32432\nCheck for CVE-2025-32432 vulnerability\n#github #exploit\n\n\n2. https://github.com/helidem/CVE-2025-24054-PoC\nProof of Concept for NTLM Hash Leak via .library-ms CVE-2025-24054\n#github #poc\n\n\n3. https://github.com/ajdumanhug/CVE-2023-46818\nCVE-2023-46818 Python3 Exploit for ISPConfig <= 3.2.11 PHP Code Injection\n#github #exploit\n\n\n4. https://github.com/0x6rss/CVE-2025-24071_PoC\nNTLM hash leak via .library-ms inside ZIP/RAR (CVE-2025-24071)\n#github #poc\n\n\n5. https://github.com/trickest/cve/blob/main/2022/CVE-2022-42092.md\nCVE-2022-42092 \u2013 Backdrop CMS RCE PoC\n#github #exploit\n\n\n6. https://github.com/nomi-sec/PoC-in-GitHub\nAggregated CVE Exploits and PoCs from GitHub\n#github #tool\n\n\n7. https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker\nLinux Container Escape CVE-2022-0492 vulnerability checker\n#github #exploit\n\n\n8. https://github.com/xigney/CVE-2025-24054_PoC\nAlternate NTLM Hash Leak via .library-ms CVE-2025-24054\n#github #poc\n\n\n9. https://github.com/bipbopbup/CVE-2023-46818-python-exploit\nPython PoC for CVE-2023-46818 in ISPConfig\n#github #exploit\n\n\n10. https://github.com/Marcejr117/CVE-2025-24071_PoC\nNTLM Hash Leak using .library-ms via ZIP trick (CVE-2025-24071)\n#github #poc\n\n\n11. https://github.com/Ostorlab/KEV\nKnown Exploited Vulnerabilities Detector\n#github #scanner\n\n\n12. https://github.com/edoardottt/missing-cve-nuclei-templates\nMissing CVE Detection via Nuclei Templates\n#github #scanner\n\n\n13. https://github.com/hyp3rlinx/Advisories\nZero-Day Security Advisories and Exploits by Hyp3rlinx\n#github #exploit\n\n\n14. https://github.com/Kubashok/apple-cve-repos\nApple CVE Database Links Repository\n#github #cve\n\n\n15. https://github.com/esnet/Seccubus_v2\nSeccubus Test Data for Vulnerability Scanners\n#github #tool\n\n\n16. https://github.com/skordemir/Xml2Ontology\nNessus XML Vulnerability Report Samples\n#github #data\n\n\n17. https://github.com/madirish/hector\nHector: Vulnerability Management Tool with Sample Nessus Reports\n#github #tool\n\n\n18. https://github.com/projectdiscovery/nuclei-templates/issues/8804\nNuclei Template request for ISPConfig CVE-2023-46818\n#github #scanner\n\n\n19. https://github.com/projectdiscovery/nuclei-templates/issues/12020\nNuclei Template PoC Request for CraftCMS CVE-2025-32432\n#github #scanner\n\n\n20. https://github.com/tanjiti/sec_profile\nSecurity Profile Aggregator \u2013 CVE, CISA, NVD, etc.\n#github #intel\n\n\n21. https://github.com/cube0x0/CVE-2021-1675\nPrintNightmare Exploit PoC (CVE-2021-1675 / CVE-2021-34527)\n#github #exploit\n\n22. https://github.com/Maldev-Academy/LsassHijackingViaReg\n\nInjecting DLL into LSASS at boot\n#github #tools\n\n\nOpen-source tools and proof-of-concept (PoC) repositories related to recent CVEs, exploits, and security research. These resources are valuable for educational purposes and can aid students in understanding real-world vulnerabilities and exploitation techniques.", "creation_timestamp": "2025-05-05T10:30:13.000000Z"}, {"uuid": "0ee42686-c987-4e88-b7c3-728c3bccbf6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/52739", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aAI\u4fee\u590d\u751f\u6210\u7684CVE-2025-32432\u7684poc\nURL\uff1ahttps://github.com/bambooqj/CVE-2025-32432\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-23T06:24:57.000000Z"}, {"uuid": "a1eb77d2-4dda-4e4e-b6c4-adcfa0e43990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "Telegram/-p1nygxBVmj-BMsr-NAuovMG6kSRpBR8Vd-csW-0KhQ_MQ", "content": "", "creation_timestamp": "2025-05-28T14:14:01.000000Z"}, {"uuid": "33cc3f13-981a-40e8-b7d9-1a58efb4c5c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/TengkorakCyberCrewzz/2609", "content": "Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \u2013 thehackernews.com\n\nWed, 28 May 2025 19:00:00", "creation_timestamp": "2025-05-28T12:03:33.000000Z"}, {"uuid": "711b3751-1cc1-42cd-9556-da29e7a2d303", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/DarkWebInformer_News/4915", "content": "\ud83d\udea8 News Alert!\n\nSource: The Hacker News\nTitle: Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware\nLink: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html", "creation_timestamp": "2025-05-28T11:21:01.000000Z"}, {"uuid": "f263501e-2f74-4324-8554-1ba1ee00f378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/itsec_news/5879", "content": "\u200b\u26a1\ufe0f\u041e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0445\u043e\u0440\u043e\u0448\u043e, \u0430 \u0434\u0432\u0435 \u2014 \u043f\u0443\u0442\u044c \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u043c\u0443 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0443: \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u043d\u0430 Craft CMS\n\n\ud83d\udcac\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b CSIRT \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Orange Cyberdefense \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0443\u044e \u0441\u0435\u0440\u0438\u044e \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043d\u0430 \u0431\u0430\u0437\u0435 Craft CMS \u2014 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432. \u0420\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043f\u043b\u043e\u0449\u0430\u0434\u043e\u043a, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u044f\u0432\u0438\u043b\u0438: \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0438\u0437 \u0434\u0432\u0443\u0445 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0431\u0440\u0435\u0448\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u043a\u0440\u0430\u0436\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0438\u0437\u044a\u044f\u043d \u0432 \u0437\u0430\u0449\u0438\u0442\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u0438\u043d\u0434\u0435\u043a\u0441 CVE-2025-32432, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430. \u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2024-58136 \u0442\u0430\u0438\u0442\u0441\u044f \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii, \u043b\u0435\u0436\u0430\u0449\u0435\u043c \u0432 \u043e\u0441\u043d\u043e\u0432\u0435 Craft CMS \u2014 \u043e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u044d\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0438\u043d\u0433\u0430 SensePost, \u0432\u0445\u043e\u0434\u044f\u0449\u0430\u044f \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 Orange Cyberdefense, \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u0443\u044e \u043a\u0430\u0440\u0442\u0438\u043d\u0443 \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f. \u0410\u0432\u0442\u043e\u0440\u044b \u0432\u0437\u043b\u043e\u043c\u043e\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0431\u0430\u0433\u0438, \u0447\u0442\u043e\u0431\u044b \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u043d\u0430 \u0437\u0430\u0445\u0432\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 PHP-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438.\n\n\u0412\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0435 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u0442 \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2025-32432: \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \"return URL\". \u041f\u0435\u0440\u0435\u0434\u0430\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 PHP-\u0444\u0430\u0439\u043b \u0441\u0435\u0441\u0441\u0438\u0438, \u0430 \u0435\u0451 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u0442\u0432\u0435\u0442\u0430 \u043d\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441.\n\n\u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u044d\u0442\u0430\u043f\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0430 CVE-2024-58136, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f JSON-\u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430, \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u044e\u0449\u0430\u044f PHP-\u043a\u043e\u0434 \u0438\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0441\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0438 \u0440\u0430\u0437\u0432\u0438\u0442\u044c \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c, \u0432\u0437\u043b\u043e\u043c\u0449\u0438\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0443\u044e\u0442 \u043a\u0430\u043d\u0430\u043b\u044b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0430 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u041f\u043e\u043b\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u0445\u0435\u043c\u044b \u043f\u043e\u044f\u0432\u0438\u0442\u0441\u044f \u0447\u0443\u0442\u044c \u043f\u043e\u0437\u0436\u0435 \u0432 \u0433\u043e\u0442\u043e\u0432\u044f\u0449\u0435\u0439\u0441\u044f \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Yii \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-58136 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.0.52 \u043e\u0442 9 \u0430\u043f\u0440\u0435\u043b\u044f. \u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 3.9.15, 4.14.15 \u0438 5.6.17, \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0443\u044e\u0449\u0438\u0435 CVE-2025-32432.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 Craft CMS \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Yii 2.0.51, \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Orange \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442: \u043f\u043e\u0441\u043b\u0435 \u0430\u043f\u0434\u0435\u0439\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a \u0442\u0435\u0440\u044f\u0435\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0438\u0437\u044a\u044f\u043d \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u043f\u043e\u043f\u0440\u043e\u0441\u0442\u0443 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u043c\u0435\u0440\u043e\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u041f\u0435\u0440\u0432\u043e\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0447\u0430 \u2014 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u043b\u044e\u0447\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 php craft setup/security-key \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 CRAFT_SECURITY_KEY \u0432\u043e \u0432\u0441\u0435\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f\u0445.\n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u043d\u0430 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u043a\u043b\u044e\u0447\u0435\u0439 \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438 S3, Stripe \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438) \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u043a\u0432\u0438\u0437\u0438\u0442\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0432\u0441\u0435\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b php craft resave/users --set passwordResetRequired --to \"fn() => true\".\n\n\u0418\u0441\u0447\u0435\u0440\u043f\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u043a \u043e\u0442\u0447\u0435\u0442\u0443 SensePost . \u0415\u0449\u0435 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u043e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 Craft CMS \u0432\u0435\u0440\u0441\u0438\u0439 4 \u0438 5 \u2014 CVE-2025-23209, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434. \u0427\u0435\u0440\u0435\u0434\u0430 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0440\u0430\u0441\u0442\u0443\u0449\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432 \u043a \u044d\u0442\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435, \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e\u0441\u043e\u0431\u043e\u0439 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u0442\u0440\u043e\u0433\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-04-28T04:49:19.000000Z"}, {"uuid": "9947b8a2-ff2e-44fc-90dd-eca8fafdbf18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/CyberBulletin/10684", "content": "\u26a1\ufe0fCVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild.\n\n#CyberBulletin", "creation_timestamp": "2025-04-26T14:15:16.000000Z"}, {"uuid": "e96a750c-b8f0-4688-92f7-5a08096ad20b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/31497", "content": "Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \u2013 thehackernews.com\n\nWed, 28 May 2025 19:00:00", "creation_timestamp": "2025-05-28T14:03:33.000000Z"}, {"uuid": "df902433-ea79-4010-9b25-6a34e7a51ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "https://t.me/cyberbannews_ir/16505", "content": "\ud83e\ude99 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 Craft CMS\n\n\ud83d\udd3a\u0633\u06cc\u0633\u062a\u0645 Craft CMS\u00a0\u06cc\u06a9 \u0633\u06cc\u0633\u062a\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u062d\u062a\u0648\u0627\u06cc \u067e\u06cc\u0634\u0631\u0641\u062a\u0647 \u0648 \u0627\u0646\u0639\u0637\u0627\u0641\u200c\u067e\u0630\u06cc\u0631 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u06a9\u0633\u0628\u200c\u0648\u06a9\u0627\u0631\u0647\u0627 \u0648 \u062a\u0648\u0633\u0639\u0647\u200c\u062f\u0647\u0646\u062f\u06af\u0627\u0646 \u06a9\u0645\u06a9 \u0645\u06cc\u200c\u06a9\u0646\u062f \u062a\u0627 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a\u200c\u0647\u0627 \u0648 \u067e\u0644\u062a\u0641\u0631\u0645\u200c\u0647\u0627\u06cc \u0622\u0646\u0644\u0627\u06cc\u0646 \u0645\u0646\u062d\u0635\u0631\u0628\u0647\u200c\u0641\u0631\u062f \u0648 \u0645\u062a\u0646\u0627\u0633\u0628 \u0628\u0627 \u0646\u06cc\u0627\u0632\u0647\u0627\u06cc \u062e\u0648\u062f \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u0646\u062f. \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0645\u062d\u0628\u0648\u0628\u06cc\u062a \u0627\u06cc\u0646 \u067e\u0644\u062a\u0641\u0631\u0645 \u062f\u0631 \u067e\u0631\u0648\u0698\u0647\u200c\u0647\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u06cc \u0648 \u062a\u062c\u0627\u0631\u06cc\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0622\u0646 \u0627\u0647\u0645\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc\u06cc \u062f\u0627\u0631\u062f.\n\n\ud83d\udd3b\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2025-32432 \u06a9\u0647 \u0627\u062e\u06cc\u0631\u0627\u064b \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a\u060c Craft CMS \u0631\u0627 \u062f\u0631 \u0628\u0631\u0627\u0628\u0631 \u062d\u0645\u0644\u0627\u062a \u0627\u062c\u0631\u0627\u06cc \u06a9\u062f \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a. \u0628\u0627 \u062a\u0648\u062c\u0647 \u0628\u0647 \u0627\u06cc\u0646\u06a9\u0647 \u0634\u062f\u062a \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc 10 \u0627\u0633\u062a\u060c \u0631\u0641\u0639 \u0633\u0631\u06cc\u0639 \u0622\u0646 \u0636\u0631\u0648\u0631\u06cc \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.\n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc #\u0648\u0631\u062f_\u067e\u0631\u0633\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83d\udd39\ud83d\udd39 @cyberbannews_ir", "creation_timestamp": "2025-04-30T05:58:21.000000Z"}, {"uuid": "642c0f38-2ad1-4366-8c6a-371f4b6331d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/thehackernews/6901", "content": "\ud83d\udea8 A new zero-day is under attack \u2014 and it\u2019s making money off your CMS.\n\nHackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth \u2014 all with stealthy new tools. One odd Python trick might help you spot them.\n\nLearn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html", "creation_timestamp": "2025-05-28T13:07:12.000000Z"}, {"uuid": "668eb20e-ab67-4903-b306-b687e7ec0691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "Telegram/crw_-P57cZToeFN7u8-b6BVyp3Xb7yw8qMjnnUlxQtrsKbI", "content": "", "creation_timestamp": "2025-05-28T14:41:20.000000Z"}, {"uuid": "00d4fb99-28b3-4159-94a2-14a2460e38ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/CyberBulletin/3121", "content": "\u26a1\ufe0fCVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild.\n\n#CyberBulletin", "creation_timestamp": "2025-04-26T16:15:16.000000Z"}, {"uuid": "9cf97828-ab71-4ef2-8ac7-b8095ad8e870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/cibsecurity/85088", "content": "\ud83d\udd8b\ufe0f Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \ud83d\udd8b\ufe0f\n\nA financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE202532432, a maximum severity flaw in Craft CMS that was patched in.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2025-05-28T22:43:38.000000Z"}, {"uuid": "cf2c19fa-672d-43b3-941f-387d853786e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/cibsecurity/85118", "content": "\ud83d\udd8b\ufe0f Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \ud83d\udd8b\ufe0f\n\nA financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE202532432, a maximum severity flaw in Craft CMS that was patched in.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2025-05-28T17:27:25.000000Z"}, {"uuid": "1ee2c320-df35-47b0-9ea3-a4022f9946eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/cibsecurity/85117", "content": "\ud83d\udd8b\ufe0f Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \ud83d\udd8b\ufe0f\n\nA financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE202532432, a maximum severity flaw in Craft CMS that was patched in.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2025-05-28T17:27:25.000000Z"}, {"uuid": "05e2115a-732e-4768-936f-dd41c51452f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "Telegram/kCwx96zqmTdkYxwrmGJzn8TflPgDOGN4WcwsMs0NIIpiaxk", "content": "", "creation_timestamp": "2025-04-27T17:00:12.000000Z"}, {"uuid": "80ed5fdc-b005-4daa-8dc4-7abf7a393a43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/true_secator/6991", "content": "\u041a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u043e\u0441\u044c \u0437\u0430 Craft CMS, \u0443\u0441\u043f\u0435\u0432, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0432\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 0-day \u0430\u0442\u0430\u043a \u0441 \u0446\u0435\u043b\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0438, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 Orange Cyberdefense SensePost 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2025 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n- CVE-2024-58136\u00a0(CVSS: 9,0): \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u043e\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii PHP, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c Craft CMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c \u0438\u043b\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c (\u0440\u0435\u0433\u0440\u0435\u0441\u0441 CVE-2024-4990).\n\n- CVE-2025-32432\u00a0(CVSS: 10,0): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Craft CMS (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.9.15, 4.14.15 \u0438 5.6.17).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, CVE-2025-32432 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435.\n\nCVE-2025-32432 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 POST \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u0443\u044e \u0437\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 POST \u0431\u0443\u0434\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0412 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.x Craft CMS \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u0434\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.x \u0438 5.x \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440  \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u0441 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Craft CMS, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430.\n\n\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 Craft CMS \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u043c\u0435\u0434\u0438\u0430\u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u0430\u043a\u0442\u0438\u0432\u0443 \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 Python, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044f PHP-\u0444\u0430\u0439\u043b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0437 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f GitHub.\n\n\u0412 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 10 \u043f\u043e 11 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043e\u0442\u0442\u043e\u0447\u0438\u043b\u0438 \u0441\u0432\u043e\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043c\u043d\u043e\u0433\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 filemanager.php \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 Python. \n\n\u0424\u0430\u0439\u043b filemanager.php \u0431\u044b\u043b \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d \u0432 autoload_classmap.php 12 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 18 \u0430\u043f\u0440\u0435\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043e\u043a\u043e\u043b\u043e 13\u00a0000 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Craft CMS, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043a\u043e\u043b\u043e 300 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0431\u044b\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS, \u0435\u0441\u043b\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438\u043b\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0430\u0442\u0441\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b POST \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Craft actions/assets/generate-transform, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043e \u0441\u0442\u0440\u043e\u043a\u043e\u0439 __class \u0432 \u0442\u0435\u043b\u0435, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0430\u0439\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0446\u0435\u043b\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430.", "creation_timestamp": "2025-04-28T15:10:37.000000Z"}, {"uuid": "927d78c4-80f6-45b7-b33b-6540434adffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/S_E_Reborn/5584", "content": "\u041a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0437\u044f\u043b\u043e\u0441\u044c \u0437\u0430 Craft CMS, \u0443\u0441\u043f\u0435\u0432, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0432\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 0-day \u0430\u0442\u0430\u043a \u0441 \u0446\u0435\u043b\u044c\u044e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0410\u0442\u0430\u043a\u0438, \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 Orange Cyberdefense SensePost 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2025 \u0433\u043e\u0434\u0430, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n- CVE-2024-58136\u00a0(CVSS: 9,0): \u043d\u0435\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u043e\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0432 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii PHP, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c Craft CMS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c \u0438\u043b\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c (\u0440\u0435\u0433\u0440\u0435\u0441\u0441 CVE-2024-4990).\n\n- CVE-2025-32432\u00a0(CVSS: 10,0): \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 Craft CMS (\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.9.15, 4.14.15 \u0438 5.6.17).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, CVE-2025-32432 \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u0430\u0439\u0442\u043e\u0432 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0442\u044c \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435.\n\nCVE-2025-32432 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 POST \u043d\u0430 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0442\u043e\u0447\u043a\u0443, \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u0443\u044e \u0437\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 POST \u0431\u0443\u0434\u0443\u0442 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.\n\n\u0412 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 3.x Craft CMS \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u0434\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u0430 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0442\u043e\u0433\u0434\u0430 \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 4.x \u0438 5.x \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440  \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043b \u0441 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 Craft CMS, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430.\n\n\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 Craft CMS \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0441\u043f\u043e\u0441\u043e\u0431\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u043c\u0435\u0434\u0438\u0430\u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u0430\u043a\u0442\u0438\u0432\u0443 \u043f\u0440\u0438\u0441\u0432\u0430\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0435\u0439, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0430\u043a\u0442\u0438\u0432\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0441\u043a\u0440\u0438\u043f\u0442 Python, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044f PHP-\u0444\u0430\u0439\u043b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u0437 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f GitHub.\n\n\u0412 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 10 \u043f\u043e 11 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u043c\u0435\u0442\u043d\u043e \u043e\u0442\u0442\u043e\u0447\u0438\u043b\u0438 \u0441\u0432\u043e\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u043c\u043d\u043e\u0433\u043e\u043a\u0440\u0430\u0442\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0432 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 filemanager.php \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043a\u0440\u0438\u043f\u0442\u0430 Python. \n\n\u0424\u0430\u0439\u043b filemanager.php \u0431\u044b\u043b \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d \u0432 autoload_classmap.php 12 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0438 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d 14 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 18 \u0430\u043f\u0440\u0435\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043e \u043e\u043a\u043e\u043b\u043e 13\u00a0000 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Craft CMS, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u043a\u043e\u043b\u043e 300 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0431\u044b\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u044b.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS, \u0435\u0441\u043b\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438\u043b\u0438 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0430\u0442\u0441\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b POST \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 Craft actions/assets/generate-transform, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043e \u0441\u0442\u0440\u043e\u043a\u043e\u0439 __class \u0432 \u0442\u0435\u043b\u0435, \u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u0441\u0430\u0439\u0442 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043b\u0441\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0446\u0435\u043b\u044f\u0445 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430.", "creation_timestamp": "2025-04-28T18:02:47.000000Z"}, {"uuid": "ed8ee3f5-4406-4bf9-8294-2115c568accf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "seen", "source": "Telegram/t8K1XuU9DycjdS-BJ0HBwR2vMp2ysg1gNZKK5Q0_GJ-ZI8I", "content": "", "creation_timestamp": "2025-04-25T18:02:30.000000Z"}, {"uuid": "b9a3aab4-302a-4d08-a29f-a09db05ce4ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/MalaysiaHacktivistz/13491", "content": "Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \u2013 thehackernews.com\n\nWed, 28 May 2025 19:00:00", "creation_timestamp": "2025-05-28T14:03:33.000000Z"}, {"uuid": "00996675-c2cd-4b01-b51b-b6a0a245b5ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "exploited", "source": "https://t.me/MalaysiaHacktivistz/4468", "content": "Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware \u2013 thehackernews.com\n\nWed, 28 May 2025 19:00:00", "creation_timestamp": "2025-05-28T14:03:33.000000Z"}, {"uuid": "9bec1c24-57e2-42e3-99e5-329e340887a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32432", "type": "published-proof-of-concept", "source": "https://t.me/liwaamohammad/1925", "content": "https://github.com/Chocapikk/CVE-2025-32432\n\nCheck for CVE-2025-32432 vulnerability\n#github #exploit", "creation_timestamp": "2025-05-02T14:06:21.000000Z"}]}