PT-2025-26243 · Unknown+1 · Crafter Cms+1

Published: 2025-06-19 · Updated: 2026-05-06 · CVE-2025-6384

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CrafterCMS versions 4.0.0 through 4.2.2

Description

An issue exists in Crafter Studio of CrafterCMS that allows authenticated developers to execute operating system commands. This is due to improper control of dynamically-managed code resources, specifically a Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker can bypass security restrictions and achieve Remote Code Execution (RCE).

Recommendations

Update CrafterCMS to version 4.3.0 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-6384
GHSA-5644-3VGQ-2PH5

Affected Products

Crafter Cms
Groovy