CVE-2025-6384 PoC — CrafterCMS 安全漏洞

Source

https://github.com/mbadanoiu/CVE-2025-6384

Associated Vulnerability

Title:CrafterCMS 安全漏洞 (CVE-2025-6384)
Description:CrafterCMS是CrafterCMS公司的一个基于 Java 的 CMS。 CrafterCMS 4.0.0至4.2.2版本存在安全漏洞，该漏洞源于Groovy沙箱绕过导致认证开发者可以执行OS命令。

Description

CVE-2025-6384: Groovy Sandbox Bypass 2 in CrafterCMS

Readme

# CVE-2025-6384: Groovy Sandbox Bypass 2 in CrafterCMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://craftercms.com/docs/current/security/advisory.html#cv-2025061901)

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2025-6384/blob/main/CrafterCMS%20-%20CVE-2025-6384.pdf).

File Snapshot


 [4.0K]  /data/pocs/d9422671fa8e82ea1cf72db2d5cfddcd5fafadc1
├── [1.7M]  CrafterCMS - CVE-2025-6384.pdf
└── [ 677]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!