CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

June 19, 2025

CVE ID : CVE-2025-6384

Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago

Description : Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).

This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47293 – PowSyBl XML Entity Injection and SSRF Vulnerability

Next Article CVE-2025-6279 – Upsonic Pickle Handler Deserialization Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Verdansk is coming back to Call of Duty: Warzone, and I’m pretty sure I know which weapon EVERYONE will be putting in their loadouts

CVE-2025-5939 – Telegram for WP WordPress Stored Cross-Site Scripting Vulnerability

Learn to Build a Multilayer Perceptron with Real-Life Examples and Python Code

CVE-2024-49841 – VMware ESXi Memory Corruption Vulnerability

The Role of Customer Support for Business Growth

Last Week in AI #306: Astrocade, Llama 4, Nova Act

Windows 11 KB5055627 finally makes File Explorer faster on Windows 11 24H2

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

Related Posts