Emerging Zero-Day Exploits in Craft CMS and Active! Mail: Critical Vulnerabilities and Mitigation Strategies
Recent cybersecurity developments have highlighted critical vulnerabilities in Craft CMS and Active! Mail, which are being actively exploited by threat actors. Two zero-day vulnerabilities in Craft CMS, CVE-2024-58136 and CVE-2025-32432, have been leveraged in attacks to gain unauthorized access to servers. These vulnerabilities allow attackers to exploit improper protection of alternate paths and execute remote code, respectively. The attacks were first observed in February 2025, with nearly 300 out of 13,000 identified vulnerable instances reportedly compromised.
In parallel, a zero-day stack-based buffer overflow vulnerability in Active! Mail (CVE-2025-42599) is under active exploitation, primarily targeting organizations in Japan. This vulnerability allows remote code execution or denial-of-service attacks when a crafted request is sent by a third party. The vulnerability has been addressed in the latest software update, version 6.60.06008562.
These incidents underscore a growing trend of sophisticated cyberattacks exploiting zero-day vulnerabilities to compromise systems and data. Organizations using affected software are urged to prioritize patching and implement robust security measures to mitigate potential risks.
Threats and Vulnerabilities
The Craft CMS vulnerabilities involve two critical flaws: CVE-2024-58136, an improper protection of alternate path flaw in the Yii PHP framework, and CVE-2025-32432, a remote code execution vulnerability in the image transformation feature. The latter allows unauthenticated users to send POST requests that can be manipulated to execute arbitrary code on the server. Attackers have been observed using Python scripts to automate the discovery of valid asset IDs necessary for exploitation.
Active! Mail's CVE-2025-42599 is a stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or cause a denial-of-service condition. This vulnerability is particularly concerning due to its high CVSS score of 9.8 and active exploitation in the wild.
Client Impact
Clients using Craft CMS or Active! Mail may face significant risks, including unauthorized access to sensitive data, operational disruptions, and potential financial losses due to system downtime or data breaches. The exploitation of these vulnerabilities could also lead to reputational damage and regulatory compliance challenges, especially if personal or sensitive data is compromised.
Compliance implications are significant, as organizations may face audits or penalties if they fail to address these vulnerabilities promptly. Ensuring systems are updated and secure is crucial to maintaining compliance with relevant regulations and standards.
Mitigations
To mitigate the identified risks, clients should consider the following actions:
- Update Craft CMS to versions 3.9.15, 4.14.15, or 5.6.17 to address CVE-2025-32432.
- Apply the latest patch for Active! Mail (version 6.60.06008562) to mitigate CVE-2025-42599.
- Monitor firewall and web server logs for suspicious POST requests targeting the Craft CMS image transformation endpoint.
- Refresh security keys, rotate database credentials, and reset user passwords if there is evidence of compromise.
- Implement firewall rules to block malicious requests and enhance network security.
- Conduct regular security assessments and vulnerability scans to identify and address potential weaknesses.
By taking these steps, organizations can reduce their exposure to these vulnerabilities and enhance their overall security posture. Continuous monitoring and timely updates are essential components of an effective cybersecurity strategy.
1898 & Co. Response
1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to mitigate emerging threats like those affecting Craft CMS and Active! Mail. Our team provides tailored vulnerability assessments and patch management solutions to help clients secure their systems against these critical vulnerabilities.
We are updating our security protocols to incorporate the latest threat intelligence and collaborate with industry partners to share insights and strategies for effective mitigation. Our ongoing research efforts focus on identifying new attack vectors and developing innovative solutions to protect our clients' digital assets.
Through case studies and real-world examples, we demonstrate the effectiveness of our security measures in preventing unauthorized access and minimizing the impact of cyberattacks. Clients can rely on our expertise to navigate the complexities of cybersecurity and maintain a resilient security posture.