CVE-2025-0502

Jan. 15, 2025, 6:15 p.m.

None
No Score

Description

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.

Product(s) Impacted

Product Versions
CrafterCMS Engine
  • ['4.0.0 - 4.0.8', '4.1.0 - 4.1.6']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-402
Transmission of Private Resources into a New Sphere ('Resource Leak')
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

References

https://craftercms.com/docs/current/security/advisory.html#cv-2025011501

Tags

CWE-402
2025-01-15
CVE-2025-0502
security@craftersoftware.com

Timeline

Published: Jan. 15, 2025, 6:15 p.m.
Last Modified: Jan. 15, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@craftersoftware.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.