CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

June 19, 2025

CVE ID : CVE-2025-6384

Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago

Description : Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).

This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47293 – PowSyBl XML Entity Injection and SSRF Vulnerability

Next Article CVE-2025-6279 – Upsonic Pickle Handler Deserialization Vulnerability

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

I’ve tested dozens of robot vacuums. These are the three I recommend most to family and friends

These apps are quietly draining your phone battery – how to find and shut them down

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

I tested the world’s thinnest SSD enclosure – here’s why it’s the perfect PC accessory for me

Importance of Performance Adaptation in Frontend Development

Importance of Performance Adaptation in Frontend Development

Proactive, Not Reactive – The Key to Inclusive and Accessible Design

Reset Rate Limits Dynamically with Laravel’s clear Method

Stage – Git GUI client for Linux desktops

Stage – Git GUI client for Linux desktops

Edit: L’editor di testo a riga di comando di Microsoft anche per GNU/Linux

Splitcat – split and merge files

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

TCC Bypass vulnerabilities in two macOS applications

Human Biases – How Smart Teams Can Still Make Dumb Decisions

CVE-2025-45475 – Maccms SSRF Vulnerability in Friend Link Management

CVE-2025-4525 – Discord WINSTA.dll Uncontrolled Search Path Vulnerability

Gen AI use at work saps our motivation even as it boosts productivity, new research shows

CVE-2022-26072 – Apache Struts Remote Code Execution

LinkedIn’s CEO just got a new job at Microsoft, and he didn’t even need to use the ‘Open to Work’ badge

An LLM-Based Approach to Review Summarization on the App Store

CVE-2022-44759 – HCL Leap SVG Injection Vulnerability

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

Related Posts