CrafterCMS Crafter Studio Remote Code Execution Vulnerability via Groovy Sandbox Bypass

Vulnerability

A remote code execution vulnerability has been identified in Crafter Studio of CrafterCMS, affecting versions from 4.0.0 up to, but not including, 4.2.2. The root cause is improper control of dynamically-managed code resources: the restrictions of the Groovy Sandbox can be bypassed, so an authenticated developer who inserts malicious Groovy elements can execute operating system commands and thereby gain remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where CrafterCMS is running.

Added: Jun 19, 2025, 9:16 PM
Updated: Jun 19, 2025, 9:16 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 10.0
exploitability: 5.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight key vulnerability categories, which are then combined to calculate the overall risk score.