[MEDIUM] Craft CMS has a theoretical bypass for CVE-2025-23209

PKSA-xnt5-5jkh-xr5x CVE-2025-54417 GHSA-2vcf-qxv3-2mgw

Affected package: craftcms/cms

Affected version: >=5.5.8,<5.8.4|>=4.13.8,<4.16.3

Reported by:
GitHub