Security Advisories - craftcms/cms - Packagist

craftcms/cms Security Advisories for 5.7.8.1 (2)

[MEDIUM] Craft CMS Potential Remote Code Execution via Twig SSTI

PKSA-cbq7-fhfn-fyt5 CVE-2025-57811 GHSA-crcq-738g-pqvc

Affected version: >=5.0.0-RC1,<=5.8.6|>=4.0.0-RC1,<=4.16.5

Reported by:
GitHub
[MEDIUM] Craft CMS has a theoretical bypass for CVE-2025-23209

PKSA-xnt5-5jkh-xr5x CVE-2025-54417 GHSA-2vcf-qxv3-2mgw

Affected version: >=5.5.8,<5.8.4|>=4.13.8,<4.16.3

Reported by:
GitHub