PT-2025-19793 · Craft Cms · Craft Cms

🗓️ 05 May 2025 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 3 Views

Craft CMS remote code execution via Twig SSTI; update to 4.14.13 or 5.6.15, or disable admin changes.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-46731	5 May 202520:20	–	circl
CNNVD	Craft CMS 安全漏洞	5 May 202500:00	–	cnnvd
CVE	CVE-2025-46731	5 May 202519:35	–	cve
Cvelist	CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI	5 May 202519:35	–	cvelist
EUVD	EUVD-2025-13408	3 Oct 202520:07	–	euvd
Github Security Blog	Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI	5 May 202519:35	–	github
NVD	CVE-2025-46731	5 May 202520:15	–	nvd
OSV	CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI	5 May 202519:35	–	osv
OSV	GHSA-7C58-G782-9J38 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI	5 May 202519:35	–	osv
OSV	GHSA-F3CW-HG6R-CHFV Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI	13 Nov 202414:16	–	osv

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-46731
osv	www.osv.dev/vulnerability/GHSA-7c58-g782-9j38
github	www.github.com/craftcms/cms
github	www.github.com/craftcms/cms/security/advisories/GHSA-7c58-g782-9j38
github	www.github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv
t	www.t.me/latest_high_impact_cve/2275
twitter	www.twitter.com/vicariusltd/status/1922674557518782969
craftcms	www.craftcms.com/knowledge-base/securing-craft
github	www.github.com/craftcms/cms/pull/17026
twitter	www.twitter.com/CVEnew/status/1919479831135453386

14 May 2025 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 48.6

EPSS0.00909

Craft content management Twig template injection remote code execution admin changes setting