CVE-2025-14700

Critical CVSS: 9.9

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

Vendor

Craftycontrol

Product

Crafty Controller

CWE

CWE-1336

Yayın Tarihi

2025-12-17 01:15:59

Güncelleme

2025-12-23 21:17:59

Source Identifier

cve@gitlab.com

KEV Date Added

Kategoriler

CWE-1336 Crafty Controller CRITICAL Craftycontrol 2025

Referanslar

https://gitlab.com/crafty-controller/crafty-4/-/issues/646

Benzer Kayıtlar

Critical

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote…

High

CVE-2026-0805

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authen…

High

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated…

High

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a…