PT-2026-1346 · Craft · Craft
Published: 2026-01-05 · Updated: 2026-01-06 · CVE-2025-68455
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Craft versions 5.0.0-RC1 through 5.8.20
Craft versions 4.0.0-RC1 through 4.16.16
Description
Craft is a platform for creating digital experiences. The software is susceptible to potential authenticated Remote Code Execution through a malicious attached Behavior. To exploit this issue, an attacker must have administrator access to the Craft Control Panel.
Recommendations
Update to version 5.8.21
Update to version 4.16.17
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Craft