CVE-2025-23209: Craft CMS RCE via Twig SSTI
Is Craft CMS vulnerable to code execution?
CVE-2025-23209 is a code injection vulnerability in Craft CMS 4 and 5 (fixed in 4.13.8 and 5.5.8) that is reached through server-side template injection (SSTI) in Twig templates. It is not exploitable by an anonymous attacker on its own: the attacker must already hold the site's security key (CRAFT_SECURITY_KEY). With that key, a crafted template payload is accepted and evaluated by Twig, which yields arbitrary code execution on the server. Because the key is the gate, a key that may have leaked should be rotated, not just the software upgraded.
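The following is an added illustration of the Twig SSTI pattern that underlies this class of bug; it is not Craft's code and not the CVE-2025-23209 trigger (the vendor advisory does not publish one). It shows the generic mistake, rendering attacker-controlled text as a template instead of passing it to a template as data, side by side with the safe form. It assumes twig/twig is installed via Composer; the function names and the probe string are constructed for this example.

```php
<?php
// Added example, not Craft CMS code. Assumes `composer require twig/twig`.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// A bare Twig environment with no sandbox extension, which is how most
// application code creates one. Craft's own View::renderString() is the
// higher-level analog of createTemplate() used below.
$twig = new Environment(new ArrayLoader([]));

// VULNERABLE: user input is spliced into the template SOURCE. Twig compiles and
// executes whatever expressions the input contains.
function renderVulnerable(Environment $twig, string $userInput): string
{
    return $twig->createTemplate("Hello {$userInput}")->render([]);
}

// HARDENED: the template source is a fixed string under developer control and
// the user input only ever enters as a context variable. Twig prints it as data
// (HTML-autoescaped by default) and never evaluates it.
function renderSafe(Environment $twig, string $userInput): string
{
    return $twig->createTemplate('Hello {{ name }}')->render(['name' => $userInput]);
}

// Constructed probe of the kind a DAST scanner sends: harmless arithmetic whose
// evaluated result cannot appear by accident in normal output.
$probe = '{{ 7*7 }}';

echo renderVulnerable($twig, $probe), PHP_EOL; // Hello 49        <- template code ran
echo renderSafe($twig, $probe), PHP_EOL;       // Hello {{ 7*7 }} <- reflected as text
```

The difference between the two outputs is the whole detection signal: if a server echoes `49` where it was sent `{{ 7*7 }}`, attacker text reached the template compiler, and anything Twig can express (including object and filter access that leads to PHP execution in an unsandboxed environment) is available to the attacker. Auditing for this in a Craft codebase means finding every call where the template argument of `renderString()`, `renderObjectTemplate()`, or `createTemplate()` is derived from request data, stored content, or anything signed only with the security key.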
Impact & Exploitation
Added to CISA's Known Exploited Vulnerabilities (KEV) catalog in February 2025, which indicates confirmed exploitation in the wild. Craft CMS powers over 150,000 websites. On its own the bug requires possession of the security key; chained with a separate information-disclosure flaw that leaks that key (for example an exposed .env file), it becomes a full unauthenticated RCE chain.
How Precogs AI Detects Craft CMS RCE via Twig SSTI
Precogs AI detects template injection vulnerabilities in compiled web applications, identifying SSTI patterns in Twig, Jinja2, and other template engines during Binary DAST testing.