GHSA-5644-3vgq-2ph5

Опубликовано: 19 июн. 2025

Источник: github

Github: Прошло ревью

CVSS4: 7.3

Описание

Crafter Studio Groovy Sandbox Bypass

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).

This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Ссылки

Пакеты

Наименование

org.craftercms:crafter-studio

maven

Затронутые версииВерсия исправления

>= 4.0.0, < 4.3.0

4.3.0

EPSS

Процентиль: 23%

0.00077

Низкий

7.3 High

CVSS4

CVE ID

CVE-2025-6384

Дефекты

CWE-913

Связанные уязвимости

CVE-2025-6384

CVSS3: 9.1

nvd

8 месяцев назад

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

EPSS

Процентиль: 23%

0.00077

Низкий

7.3 High

CVSS4

CVE ID

CVE-2025-6384

Дефекты

CWE-913