POC详情: d9422671fa8e82ea1cf72db2d5cfddcd5fafadc1

来源
https://github.com/mbadanoiu/CVE-2025-6384
关联漏洞
标题: CrafterCMS 安全漏洞 (CVE-2025-6384)
描述:CrafterCMS是CrafterCMS公司的一个基于 Java 的 CMS。 CrafterCMS 4.0.0至4.2.2版本存在安全漏洞,该漏洞源于Groovy沙箱绕过导致认证开发者可以执行OS命令。
描述
CVE-2025-6384: Groovy Sandbox Bypass 2 in CrafterCMS
介绍
# CVE-2025-6384: Groovy Sandbox Bypass 2 in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://craftercms.com/docs/current/security/advisory.html#cv-2025061901)

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2025-6384/blob/main/CrafterCMS%20-%20CVE-2025-6384.pdf).
文件快照

 [4.0K]  /data/pocs/d9422671fa8e82ea1cf72db2d5cfddcd5fafadc1
├── [1.7M]  CrafterCMS - CVE-2025-6384.pdf
└── [ 677]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。