The error was found in crafts CMS versions 4 and 5
It allows for the execution of remote code
The US Government’s Cyber Security and Infrastructure Security Agency (CISA) has added a new error in crafts CMS versions 4 and 5 to its known utilized vulnerabilities (KEV) catalog calling the alarm for abuse in nature.
Vulnerability is a remote code performance error (RCE) that is traced as CVE-2025-23209, but we do not know too much details about it, except that the utilization of the fact is not so straightforward.