Crafty Controller Webhook Template Component Server-Side Template Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing remote code execution through server-side template injection has been identified in the Webhook Template component of Crafty Controller. This input neutralization issue can be exploited by remote, authenticated attackers.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Crafty Controller is running.

Added: Dec 17, 2025, 1:21 AM

Updated: Dec 17, 2025, 1:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Crafty Controller Webhook Template Component Server-Side Template Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Affected Products

Crafty Controller

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating