4 matches found
CVE-2025-6384
CrafterCMS Crafter Studio is affected by CVE-2025-6384 (versions 4.0.0–4.2.2). The issue is an Improper Control of Dynamically-Managed Code Resources that allows authenticated developers to bypass the Groovy sandbox, enabling remote code execution (RCE) by injecting malicious Groovy elements. The...
CVE-2025-6384 Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...
PT-2025-26243
Name of the Vulnerable Software and Affected Versions: CrafterCMS versions 4.0.0 through 4.2.2. Description: An issue exists in Crafter Studio of CrafterCMS that allows authenticated developers to execute operating system commands. This is due to improper control of dynamically-managed code resource...
Cross-site Scripting (XSS) in CrafterCMS
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrafterCMS Engine on Windows, macOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27...