Nicolas Bourras

Investigating an in-the-wild campaign using RCE in CraftCMS

In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The site had been built with CraftCMS, running version 4.12.8. The forensic investigation, and the post-analysis carried out with the Ethical Hacking team, led to the discovery of two vulnerabilities, CVE-2024-58136 and CVE-2025-32432. This blog post aims to present the investigation that led to the finding of those two CVEs, and details of the different…