CVE-2025-6384

EUVD-2025-18697 | CRITICAL 9.1 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd) - patch available
Analysis Generated: Mar 15, 2026 - 00:08 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 00:08 (euvd) - EUVD-2025-18697
CVE Published: Jun 19, 2025 - 21:15 (nvd) - CRITICAL 9.1

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Analysis

Critical remote code execution vulnerability in CrafterCMS Crafter Studio: an authenticated developer can bypass the Groovy Sandbox and execute arbitrary OS commands by supplying malicious Groovy code. Versions 4.0.0 through 4.2.2 are affected. The vector requires high privileges (PR:H, a developer account), so the realistic attackers are a malicious or compromised developer, or anyone who obtains developer credentials; scope is Changed because code confined to the Studio sandbox escapes to the host operating system. Full loss of confidentiality, integrity, and availability at the application server makes this worth immediate patching despite the privilege requirement.

Technical Context

CrafterCMS Crafter Studio uses a Groovy Sandbox to execute user-supplied Groovy code in dynamic code resources (CWE-913: Improper Control of Dynamically-Managed Code Resources). The vulnerability stems from insufficient enforcement of the sandbox restrictions: an authenticated developer can craft Groovy expressions that circumvent the sandbox and execute arbitrary OS commands with the privileges of the CrafterCMS application server process. This is a classic sandbox escape, in which the boundary meant to isolate untrusted code is bypassed through Groovy language features or reflection; the advisory does not specify which constructs are involved. Language-level sandboxes for a dynamic language such as Groovy are difficult to make airtight, so until patched the developer role should be treated as equivalent to code execution on the application server. The affected product is CrafterCMS (CPE: cpe:2.3:a:craftercms:craftercms) in versions 4.0.0 through 4.2.2, specifically the Crafter Studio component, which provides the administrative interfaces and dynamic code capabilities.

Affected Products

CrafterCMS (4.0.0 through 4.2.2 (inclusive))

Remediation

Upgrade CrafterCMS to version 4.2.3 or later (the version immediately following 4.2.2; confirm the fixed version against the vendor's release notes before planning the upgrade). Priority: Critical. Timeline: immediate (same business day if possible).

Interim mitigation: restrict developer accounts in Crafter Studio to trusted personnel; audit and revoke unnecessary developer role assignments. Priority: High. Timeline: immediate.

Interim mitigation: monitor and audit all dynamic code resource modifications and execution logs in CrafterCMS for suspicious Groovy expressions or OS command patterns. Priority: High. Timeline: within 24 hours.

Interim mitigation: place the Crafter Studio administrative interfaces behind additional network access controls (VPN, IP allowlisting, WAF rules) to limit exposure if developer credentials are compromised. Priority: Medium. Timeline: within 48 hours.

Detection: enable comprehensive audit logging for Groovy code execution and OS command invocation within CrafterCMS; alert on reflection, Runtime.exec(), ProcessBuilder, and System property access. Priority: High. Timeline: before the patching window.
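The monitoring and detection items above can be turned into a concrete check on the Groovy sources committed to a site's dynamic code resources. The following Python scanner is an added example written for this page; it is not CrafterCMS code and does not come from the advisory. The rule names, severities and regular expressions are this example's own heuristics, and the three sample scripts are constructed generic Groovy snippets used to exercise the rules, not a bypass of Crafter Studio's sandbox.

```python
"""Heuristic scan of Groovy sources for sandbox-escape indicators.

Flags the constructs the advisory's detection guidance names (reflection,
Runtime.exec(), ProcessBuilder, System property access) plus common Groovy
sandbox-evasion idioms (String.execute(), nested GroovyShell/Eval,
metaClass tampering). Comments are not stripped on purpose: a commented-out
indicator in a dynamic code resource is still worth a reviewer's attention.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str       # rule name from RULES
    severity: str   # "block" (direct OS-command/reflection primitive) or "review"
    line_no: int    # 1-based line within the scanned script
    line: str       # offending source line, stripped


# (name, severity, pattern). The rule set and severities are this example's
# own heuristics, not a list published by CrafterCMS.
RULES = [
    ("runtime-exec",     "block",  re.compile(r"\bRuntime\b[^;\n]*\.\s*exec\s*\(")),
    ("process-builder",  "block",  re.compile(r"\bProcessBuilder\s*\(")),
    # Groovy's String/List.execute() spawns a process: "id".execute(), ["sh","-c",x].execute()
    ("string-execute",   "block",  re.compile(r"""["'\]]\s*\.\s*execute\s*\(""")),
    ("reflection",       "block",  re.compile(
        r"\b(Class\s*\.\s*forName|getDeclaredMethods?|getDeclaredFields?|getMethods?"
        r"|setAccessible|invoke)\s*\(")),
    ("nested-shell",     "review", re.compile(
        r"\b(GroovyShell|GroovyClassLoader|ScriptEngineManager|Eval\s*\.\s*(me|x|xy|xyz))\b")),
    ("metaclass-tamper", "review", re.compile(r"\b(metaClass|ExpandoMetaClass|MetaClassRegistry)\b")),
    ("system-props",     "review", re.compile(
        r"\bSystem\s*\.\s*(getProperty|getProperties|setProperty|getenv)\s*\(")),
]


def scan_groovy(source: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit, in source order."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for name, severity, rx in RULES:
            if rx.search(line):
                findings.append(Finding(name, severity, no, line.strip()))
    return findings


def triage(source: str) -> str:
    """Collapse findings to a verdict: 'block' beats 'review' beats 'clean'."""
    severities = {f.severity for f in scan_groovy(source)}
    if "block" in severities:
        return "block"
    if "review" in severities:
        return "review"
    return "clean"


def report(name: str, source: str) -> str:
    """Audit-log style summary, one line per finding."""
    out = [f"{name}: {triage(source)}"]
    for f in scan_groovy(source):
        out.append(f"  [{f.severity}] {f.rule} L{f.line_no}: {f.line}")
    return "\n".join(out)


# Constructed sample scripts (not CrafterCMS code, not a working bypass):
# BENIGN is a typical small template helper, REVIEW_ONLY uses softer idioms,
# SUSPECT stacks several of the indicators named in the detection guidance.
BENIGN = '''
def name = params.name ?: "guest"
def items = (1..3).collect { "item-${it}" }
return [greeting: "Hello, ${name}", items: items]
'''

REVIEW_ONLY = '''
String.metaClass.shout = { -> delegate.toUpperCase() }
def home = System.getProperty("user.home")
'''

SUSPECT = '''
def out = "id".execute().text
def p = Runtime.getRuntime().exec("id")
def rt = Class.forName("java.lang.Runtime")
rt.getMethod("exec", String).invoke(rt.getMethod("getRuntime").invoke(null), "id")
new ProcessBuilder("sh", "-c", "id").start()
def cwd = System.getProperty("user.dir")
'''

if __name__ == "__main__":
    for name, src in [("benign", BENIGN), ("review-only", REVIEW_ONLY), ("suspect", SUSPECT)]:
        print(report(name, src))
```

Run it against the Groovy files in a site repository as a pre-commit or CI gate: a "block" verdict should fail the pipeline and page the security team, a "review" verdict should require a second approver. Line-level regexes are a heuristic and can be evaded by obfuscation (string concatenation, encoded class names), so they complement rather than replace the upgrade and the developer-role audit.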

Priority Score

46 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +46
POC: 0


CVE-2025-6384 vulnerability details – vuln.today
