Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-32432 PoC — Craft CMS Allows Remote Code Execution

Source
https://github.com/Chocapikk/CVE-2025-32432
Associated Vulnerability
Title:Craft CMS Allows Remote Code Execution (CVE-2025-32432)
Description:Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
Description
CraftCMS RCE Checker (CVE-2025-32432)
Readme
# Check for CVE-2025-32432 vulnerability

```bash
Usage:
  checker [flags]

Flags:
      --debug              verbose debug
      --file string        file of URLs
  -h, --help               help for checker
      --output string      vulnerable URLs output
      --threads int        concurrent workers (default 15)
      --timeout duration   timeout (default 15s)
      --url string         target URL
```
File Snapshot

 [4.0K]  /data/pocs/e159458dc9466533c4e2c85bd9bdc554b06d00a2
├── [1.2K]  go.mod
├── [ 11K]  go.sum
├── [8.0K]  main.go
└── [ 407]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →