{"id":1549121,"date":"2025-02-21T08:59:01","date_gmt":"2025-02-21T10:59:01","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-flags-craft-cms-vulnerabilite-cve-2025-23209-au-milieu-des-attaques-actives\/"},"modified":"2025-02-21T08:59:06","modified_gmt":"2025-02-21T10:59:06","slug":"cisa-flags-craft-cms-vulnerabilite-cve-2025-23209-au-milieu-des-attaques-actives","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-flags-craft-cms-vulnerabilite-cve-2025-23209-au-milieu-des-attaques-actives\/","title":{"rendered":"CISA Flags Craft CMS Vuln\u00e9rabilit\u00e9 CVE-2025-23209 Au milieu des attaques actives"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">21 f\u00e9vrier 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 Web<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/CISA-Flags-Craft-CMS-Vulnerabilite-CVE-2025-23209-Au-milieu-des-attaques.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Un d\u00e9faut de s\u00e9curit\u00e9 de haute s\u00e9v\u00e9rit\u00e9 ayant un impact sur le syst\u00e8me de gestion de contenu (CMS) a \u00e9t\u00e9 <a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/02\/20\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">ajout\u00e9<\/a> par l&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"noopener nofollow\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">Kev<\/a>) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>La vuln\u00e9rabilit\u00e9 en question est <a rel=\"noopener nofollow\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-23209\" target=\"_blank\">CVE-2025-23209<\/a> (Score CVSS: 8.1), qui a un impact sur les versions CMS 4 et 5.<\/p>\n<p>&#8220;Craft CMS contient une vuln\u00e9rabilit\u00e9 d&#8217;injection de code qui permet l&#8217;ex\u00e9cution du code distant car les versions vuln\u00e9rables ont compromis les cl\u00e9s de s\u00e9curit\u00e9 des utilisateurs&#8221;, a indiqu\u00e9 l&#8217;agence.<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/saas-security-v1-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/02\/1738390842_400_Meta-confirme-lattaque-de-logiciels-spyware-zero-clique.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La vuln\u00e9rabilit\u00e9 affecte la version suivante du logiciel &#8211;<\/p>\n<ul>\n<li>> = 5.0.0-RC1,\n<\/li>\n<li>> = 4.0.0-rc1,\n<\/li>\n<\/ul>\n<p>Dans un avis <a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/craftcms\/cms\/security\/advisories\/GHSA-x684-96hh-833x\" target=\"_blank\">lib\u00e9r\u00e9<\/a> Sur GitHub, Craft CMS a not\u00e9 que toutes les versions non corrig\u00e9es de l&#8217;artisanat avec une cl\u00e9 de s\u00e9curit\u00e9 compromise sont affect\u00e9es par le d\u00e9faut de s\u00e9curit\u00e9.<\/p>\n<p>&#8220;Si vous ne pouvez pas mettre \u00e0 jour vers une version corrig\u00e9e, faire tourner votre cl\u00e9 de s\u00e9curit\u00e9 et garantir que sa confidentialit\u00e9 aidera \u00e0 att\u00e9nuer le probl\u00e8me&#8221;, a-t-il not\u00e9.<\/p>\n<p>Il n&#8217;est actuellement pas clair comment les cl\u00e9s de s\u00e9curit\u00e9 des utilisateurs ont \u00e9t\u00e9 compromises et dans quel contexte. Pour att\u00e9nuer le risque pos\u00e9 par la vuln\u00e9rabilit\u00e9, il est recommand\u00e9 que les agences f\u00e9d\u00e9rales de direction de la direction civile (FCEB) appliquent les correctifs n\u00e9cessaires d&#8217;ici le 13 mars 2025.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/02\/cisa-flags-craft-cms-vulnerability-cve.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80221 f\u00e9vrier 2025\ue804Ravie LakshmananS\u00e9curit\u00e9 \/ vuln\u00e9rabilit\u00e9 Web Un d\u00e9faut de s\u00e9curit\u00e9 de haute s\u00e9v\u00e9rit\u00e9 ayant un impact sur le syst\u00e8me de gestion de contenu (CMS) a \u00e9t\u00e9 ajout\u00e9 par l&#8217;Agence am\u00e9ricaine de s\u00e9curit\u00e9 de cybers\u00e9curit\u00e9 et d&#8217;infrastructure (CISA) \u00e0 ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (Kev) Catalogue, bas\u00e9 sur des preuves d&#8217;exploitation active. La vuln\u00e9rabilit\u00e9 en question [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1549122,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[21116,274266,274265,8074,4805,71986,4168,30132,281947,79002,274264,4161,274263,6124,133,153086,274267,1975,4160,238617,246491,4172,79016,4166,3667,4164],"class_list":["post-1549121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actives","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-attaques","tag-cisa","tag-cms","tag-comment-pirater","tag-craft","tag-cve202523209","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-des","tag-flags","tag-malware-ransomware","tag-milieu","tag-mises-a-jour-de-la-cybersecurite","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1549121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1549121"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1549121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1549122"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1549121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1549121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1549121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}