Home > Vulnerability Database > CVE-2025-68455

Mend.io Vulnerability Database

CVE-2025-68455

Good to know:

Date: January 5, 2026

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for this to work. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.

Severity Score

7.2

Related Resources (8)

Url: https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04

Url: https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5

Url: https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593

Url: https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef

Url: https://github.com/craftcms/cms

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68455

Url: https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7

Url: https://www.mend.io/vulnerability-database/CVE-2025-68455

Severity Score

7.2

Weakness Type (CWE)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CWE-470

Top Fix

Upgrade Version

Upgrade to version craftcms/cms - 5.8.21;craftcms/cms - 4.16.17;https://github.com/craftcms/cms.git - 4.16.17;https://github.com/craftcms/cms.git - 5.8.21

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68455

Good to know:

Date: January 5, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?