Home > Vulnerability Database > CVE-2025-6384

Mend.io Vulnerability Database

CVE-2025-6384

Good to know:

Date: June 19, 2025

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Severity Score

7.9

Related Resources (5)

Url: https://docs.craftercms.org/current/security/advisory.html#cv-2025061901

Url: https://github.com/craftercms/studio

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6384

Url: https://github.com/craftercms/studio/commit/471bbad07cf1f3b420529a020c1409ad57d48a4e

Url: https://www.mend.io/vulnerability-database/CVE-2025-6384

Severity Score

7.9

Weakness Type (CWE)

Improper Control of Dynamically-Managed Code Resources

CWE-913

Top Fix

Upgrade Version

Upgrade to version org.craftercms:crafter-studio:4.3.0

Learn More

CVSS v3.1

Base Score:	7.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6384

Good to know:

Date: June 19, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?