CISA warns of a critical flaw in Craft CMS versions 4 and 5 that enables remote code execution.
The Cybersecurity and Infrastructure Security Agency (CISA) has identified a high-severity vulnerability in Craft CMS versions 4 and 5 that allows remote code execution if an attacker gains access to the security key.
This flaw, listed in CISA's Known Exploited Vulnerabilities catalog, is being actively exploited.
Users are advised to update to version 5.5.8 or 4.13.8 by March 13, 2025, and to rotate security keys if they suspect a compromise.