CVE-2025-0502

🗓️ 15 Jan 2025 17:47:51Reported by crafterType

CVE-2025-0502 allows Resource Leak Exposure and Directory Indexing on multiple operating systems.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-0502	15 Jan 202517:54	–	circl
CNNVD	CrafterCMS 安全漏洞	15 Jan 202500:00	–	cnnvd
Cvelist	CVE-2025-0502 Transmission of Private Resources into a New Sphere in Crafter Engine	15 Jan 202517:47	–	cvelist
EUVD	EUVD-2025-1722	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0502	15 Jan 202518:15	–	nvd
Positive Technologies	PT-2025-3928 · Unknown · Crafter Cms	15 Jan 202500:00	–	ptsecurity
Vulnrichment	CVE-2025-0502 Transmission of Private Resources into a New Sphere in Crafter Engine	15 Jan 202517:47	–	vulnrichment

NVD

Node

craftercms craftercmsRange4.0.0–4.0.8

craftercms craftercmsRange4.1.0–4.1.6

AND

apple macosMatch-

linux linux_kernelMatch-

microsoft windowsMatch-

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Engine",
    "platforms": [
      "Linux",
      "MacOS",
      "x86",
      "Windows",
      "64 bit",
      "ARM"
    ],
    "product": "CrafterCMS",
    "vendor": "CrafterCMS",
    "versions": [
      {
        "lessThan": "4.0.8",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.1.6",
        "status": "affected",
        "version": "4.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
craftercms	www.craftercms.com/docs/current/security/advisory.html

15 Dec 2025 20:57Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.19.1

CVSS 46.9

EPSS0.0036

SSVC

CWE-402