How severe is CVE-2025-68456?

CVE-2025-68456 has a CVSS v3 score of 9.1 (CRITICAL).

CVE-2025-68456

Name: craft_cms
Author: craftcms

9.1CRITICAL

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin a

公開日: 1/5/2026更新日: 1/12/2026

説明

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.

AI分析AIによる分析

影響を受ける製品

craftcmscraft_cms

5.0.0

craftcmscraft_cms

5.0.0

参照

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
ProductRelease Notes
https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39
Patch
https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr
ExploitVendor Advisory
https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr
ExploitVendor Advisory