CISA has warned that a serious Craft CMS vulnerability, tracked as CVE-2025-35939, is now under active exploitation, allowing unauthenticated attackers to inject PHP code into server-side files and potentially gain remote code execution when chained with other flaws. Federal agencies and all Craft CMS users are being urged to patch or mitigate immediately due to […] The post CISA Warns of Craft CMS Code Injection Flaw Exploited in the Wild appeared first on Cyber Security News.