AI description
CVE-2025-46731 is a potential remote code execution vulnerability found in Craft CMS. The vulnerability exists in versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16. It is related to Twig Server-Side Template Injection (SSTI). To exploit this vulnerability, an attacker must have administrator access and the `ALLOW_ADMIN_CHANGES` setting must be enabled. Users are advised to update to patched versions 4.14.13 or 5.6.15 to mitigate the issue.
- Description: Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 7.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
- security-advisories@github.com: CWE-1336
- Hype score: Not currently trending
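For my recent application assignments, it feels like I have just been throwing roundhouse kick after roundhouse kick with CVE-2025-46731 and fubuki as my pivot foot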
@fubukiyokiyoki
17 Jun 2025
1439 Impressions
1 Retweet
23 Likes
0 Bookmarks
0 Replies
0 Quotes
🦹🏼♀️📛 Villain of the Week 📛🦹🏼♀️ A high-severity vulnerability, CVE-2025-46731, has been identified in Craft CMS versions prior to 4.14.13 and 5.6.16. This flaw enables remote code execution through Server-Side Template Injection in the Twig templa
@vicariusltd
14 May 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-46731 🔴 HIGH (7.3) 🏢 craftcms - cms 🏗️ >= 4.0.0-RC1, < 4.14.13 🔗 https://t.co/v3Jfc64w1C 🔗 https://t.co/kRRvbefPt6 🔗 https://t.co/qCIKeStVZL 🔗 https://t.co/kAzP2Mf15v #CyberCron #VulnAlert #InfoSec https://t.co/DffqqakIEN
@cybercronai
6 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I got my first CVE. CVE-2025-46731 is an RCE via Twig SSTI in the Craft CMS admin panel, and its CVSS score is 7.3 (High). To resolve this vulnerability, to the patched Craft CMS version 4.14.13 or 5.6.15, up
@fubukiyokiyoki
6 May 2025
45288 Impressions
35 Retweets
350 Likes
41 Bookmarks
18 Replies
3 Quotes
CVE-2025-46731 Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code … https://t.co/3fH9YipHPq
@CVEnew
5 May 2025
927 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes