<p class="story-title"><strong>CISA flags Craft CMS vulnerability CVE-2025-23209 amid active attacks</strong></p>
<p>Published 2025-02-26 at <a href="https://www.ethicalhacker.com.br/site/2025/02/basico/cisa-sinaliza-vulnerabilidade-do-craft-cms/">https://www.ethicalhacker.com.br/site/2025/02/basico/cisa-sinaliza-vulnerabilidade-do-craft-cms/</a></p>
<p>Recently, <strong>CISA (Cybersecurity and Infrastructure Security Agency)</strong> added <strong>CVE-2025-23209</strong>, a vulnerability affecting Craft CMS, to its Known Exploited Vulnerabilities (KEV) catalog. This high-severity flaw allows <strong>remote code execution (RCE)</strong> on compromised Craft CMS installations, putting the security of systems running the platform at risk. In this article we look at how the vulnerability works, how to mitigate it, and how Python can be a useful tool for protecting your systems.</p>
<p><strong>Understanding CVE-2025-23209</strong></p>
<p><strong>CVE-2025-23209</strong> affects Craft CMS versions 4 and 5, specifically:</p>
<ul>
<li><strong>5.x versions</strong>: &gt;= 5.0.0-RC1, &lt; 5.5.5</li>
<li><strong>4.x versions</strong>: &gt;= 4.0.0-RC1, &lt; 4.13.8</li>
</ul>
<p>The problem is a <strong>code injection</strong> that allows remote command execution on systems whose security key has been compromised. Exploiting the flaw can result in unauthorised access, data manipulation and even full control of the server.</p>
<p>Craft CMS has already released fixes in versions <strong>4.13.8</strong> and <strong>5.5.8</strong>; for systems that cannot be updated immediately, the recommendation is to rotate the security keys and keep them private.</p>
<p><strong>How can Python help with mitigation?</strong></p>
<p>Python is an extremely versatile language and can be used to automate security tasks such as vulnerability checks, key rotation and system monitoring. Below are practical examples of how Python can be used to mitigate risks related to CVE-2025-23209.</p>
<p><strong>1. Checking for vulnerable Craft CMS versions</strong></p>
<p>We can write a Python script that checks whether the installed Craft CMS version falls within the affected ranges.</p>
<pre><code>import re


def parse_version(version):
    # Turn "5.5.4" or "5.0.0-RC1" into a comparable tuple. A release
    # candidate sorts before the final release with the same number.
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?", version.strip())
    if not match:
        raise ValueError(f"Versão não reconhecida: {version!r}")
    major, minor, patch, rc = match.groups()
    rc_number = int(rc) if rc is not None else float("inf")
    return (int(major), int(minor), int(patch), rc_number)


def check_craft_version(version):
    # Affected ranges from the advisory, as [min, max)
    vulnerable_ranges = [
        ("5.0.0-RC1", "5.5.5"),
        ("4.0.0-RC1", "4.13.8"),
    ]
    parsed = parse_version(version)

    # Compare numerically: plain string comparison would wrongly place
    # "5.10.0" before "5.5.5" and "4.9.0" after "4.13.8".
    for min_version, max_version in vulnerable_ranges:
        if parse_version(min_version) &lt;= parsed &lt; parse_version(max_version):
            print(f"[ALERTA] Versão {version} é vulnerável ao CVE-2025-23209!")
            return True

    print(f"[SUCESSO] Versão {version} não é afetada.")
    return False


# Usage example
check_craft_version("5.5.4")  # Replace with the version of your own system
</code></pre>
<p>This script compares the Craft CMS version against the vulnerable ranges and raises an alert if there is a risk.</p>
<p><strong>2. Automated security key rotation</strong></p>
<p>If an immediate update is not possible, rotating the security keys is the recommended measure. We can use Python to automate this process.</p>
<pre><code>import secrets


def rotate_security_key(env_file=".env", key_name="SECURITY_KEY"):
    # Craft CMS reads the key from its .env file. Craft 4 and 5 name the
    # variable CRAFT_SECURITY_KEY by default, so pass that as key_name there.
    new_key = secrets.token_hex(32)  # Generates a new 64-character key
    prefix = f"{key_name}="

    try:
        with open(env_file, "r") as file:
            lines = file.readlines()

        replaced = False
        with open(env_file, "w") as file:
            for line in lines:
                if line.startswith(prefix):
                    file.write(f"{prefix}{new_key}\n")
                    replaced = True
                else:
                    file.write(line)
            if not replaced:
                # The variable was missing: append it instead of silently doing nothing
                if lines and not lines[-1].endswith("\n"):
                    file.write("\n")
                file.write(f"{prefix}{new_key}\n")

        # The new key is deliberately not printed: it is a secret and would
        # otherwise end up in terminal history or log output
        print(f"[SUCESSO] {key_name} rotacionada em {env_file}")
        return True
    except OSError as e:
        print(f"[ERRO] Falha ao rotacionar chave: {e}")
        return False


# Usage example
rotate_security_key()
</code></pre>
<p>This script generates a new security key and writes it to the Craft CMS <code>.env</code> file, replacing the previous one.</p>
<p><strong>3. Detecting code injection attempts</strong></p>
<p>We can use Python to monitor logs and detect attempts to exploit the vulnerability.</p>
<pre><code>import re


def detect_code_injection(log_file):
    injection_patterns = [
        r"\{\{.*?\}\}",  # Template injection pattern (Twig-style expression)
        r"\beval\(",     # Use of eval()
        r"\bsystem\(",   # Use of system()
    ]
    compiled = [re.compile(pattern) for pattern in injection_patterns]
    hits = []

    try:
        with open(log_file, "r", errors="replace") as file:
            # Scan the whole file instead of stopping at the first match,
            # so every suspicious entry is reported with its line number
            for number, line in enumerate(file, start=1):
                if any(pattern.search(line) for pattern in compiled):
                    hits.append((number, line.strip()))
                    print(f"[ALERTA] Tentativa de injeção detectada (linha {number}): {line.strip()}")
    except OSError as e:
        print(f"[ERRO] Falha ao analisar logs: {e}")
        return hits

    if not hits:
        print("[SUCESSO] Nenhuma tentativa de injeção detectada.")
    return hits


# Usage example
detect_code_injection("craft.log")  # Replace with the path to your log file
</code></pre>
<p>This script scans the logs for common code injection patterns, such as uses of <code>eval()</code> or <code>system()</code>. These patterns are generic indicators rather than signatures specific to CVE-2025-23209, so treat a match as something to investigate, not as confirmation of compromise.</p>
<p><strong>4. Simulating an attack for security testing</strong></p>
<p>To test the robustness of the system, we can simulate a code injection attack.</p>
<pre><code>import requests


def simulate_code_injection(url):
    payload = "{{7*7}}"  # Test payload for template injection
    try:
        # A timeout keeps an unresponsive endpoint from hanging the test
        response = requests.post(url, data={"input": payload}, timeout=10)
        if "49" in response.text:
            print(f"[ALERTA] Vulnerabilidade de injeção detectada em {url}!")
            return True
        print(f"[SUCESSO] Nenhuma vulnerabilidade detectada em {url}.")
        return False
    except requests.RequestException as e:
        print(f"[ERRO] Falha ao testar {url}: {e}")
        return None


# Usage example
simulate_code_injection("https://exemplo.com/formulario")  # Replace with the URL of your own system
</code></pre>
<p>This script sends a test payload to an endpoint and checks whether the system is vulnerable to code injection. Looking for the literal string <code>49</code> in the response is a coarse heuristic: any page that already contains that number will produce a false positive, so confirm a hit manually before acting on it.</p>
<p><strong>Conclusion</strong></p>
<p>The <strong>CVE-2025-23209</strong> vulnerability in Craft CMS is an important reminder of the need to keep systems updated and monitored. Using Python, we can automate critical security tasks such as version checks, key rotation and attack detection.</p>
<p>If you use Craft CMS, make sure you update to version <strong>4.13.8</strong> or <strong>5.5.8</strong>. If the update is not possible right away, rotating the security keys and proactive monitoring are essential measures.</p>
<p>Source and images: <a href="https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html" target="_blank" rel="noopener">https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html</a></p>