CVE-2025-46731 – Craft CMS SSTI Remote Code Execution Vulnerability

May 5, 2025

CVE ID : CVE-2025-46731

Published : May 5, 2025, 8:15 p.m. | 3 hours, 19 minutes ago

Description : Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46734 – League Commonmark Attributes Extension Cross-Site Scripting Vulnerability

Next Article CVE-2025-46730 – “MobSF ZIP Bomb Denial of Service Vulnerability”

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How to install SteamOS on ROG Ally and Legion Go Windows gaming handhelds

Xbox Game Pass just had its strongest content quarter ever, but can we expect this level of quality forever?

Gaming on a dual-screen laptop? I tried it with Lenovo’s new Yoga Book 9i for 2025 — Here’s what happened

We got Markdown in Notepad before GTA VI

Oracle Fusion new Product Management Landing Page and AI (25B)

Oracle Fusion new Product Management Landing Page and AI (25B)

Filament Is Now Running Natively on Mobile

How Remix is shaking things up

How to install SteamOS on ROG Ally and Legion Go Windows gaming handhelds

How to install SteamOS on ROG Ally and Legion Go Windows gaming handhelds

Xbox Game Pass just had its strongest content quarter ever, but can we expect this level of quality forever?

Gaming on a dual-screen laptop? I tried it with Lenovo’s new Yoga Book 9i for 2025 — Here’s what happened

CVE-2025-46731 – Craft CMS SSTI Remote Code Execution Vulnerability

New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

CVE-2025-1458 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

Top Data Science Courses in 2024

Surface Laptop 7 sale: Save big on “the clamshell form factor perfected”

CVE-2025-5264 – Firefox Local Command Injection Vulnerability

April 11, 2025: AI updates from the past week — Google’s new tools for building AI agents, agent mode in GitHub Copilot, and more

CLI Experiments : Tabs

AURORA-M: A 15B Parameter Multilingual Open-Source AI Model Trained in English, Finnish, Hindi, Japanese, Vietnamese, and Code

GraphCast: AI model for faster and more accurate global weather forecasting

CVE-2025-46731 – Craft CMS SSTI Remote Code Execution Vulnerability

Related Posts