CISA KEV 정보
| 취약점명 | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability |
|---|---|
| 설명 | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432. |
| 조치사항 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-472 |
| 등록일 (KEV) | 2025-06-02 |
| 조치 기한 | 2025-06-23 |
| 추가 참고 | https://github.com/craftcms/cms/pull/17220 ; https://nvd.nist.gov/vuln/detail/CVE-2025-35939 |
NVD 상세 정보
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N설명: Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.
CWE: CWE-472
참조
- https://github.com/craftcms/cms/pull/17220 [Patch]
- https://github.com/craftcms/cms/releases/tag/4.15.3 [Release Notes]
- https://github.com/craftcms/cms/releases/tag/5.7.5 [Release Notes]
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json [Third Party Advisory]
- https://www.cve.org/CVERecord?id=CVE-2025-35939 [VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-35939 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.