Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Critical RCE Vulnerability in Craft CMS Exploited to Deploy Cryptominers and Ransomware
Malware and Vulnerabilities
May 28, 2025
sekoia
A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-32432, in Craft CMS (versions 3.0.0-RC1 to 5.6.17) is being actively exploited by the Mimo threat group.
Read More
Craft CMS
CVE-2025-32432
Remote Code Execution
XMRig
IPRoyal
Publisher
Previous
China accuses Taiwan-linked group of cyberattack on loc ...
Breaches and Incidents
Next
Nearly 70,000 impacted by ransomware attack on Sheboyga ...
Breaches and Incidents
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock_64015865_SMALL.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/67ba_Shutterstock_1113013901.jpg)
