Vulnerability Description
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for this to work. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Craftcms | Craft Cms | >= 4.0.0.1, < 4.16.17 |
Related Weaknesses (CWE)
References
- https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04ProductRelease Notes
- https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7Patch
- https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fefPatch
- https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593Patch
- https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5ExploitVendor Advisory
- https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5ExploitVendor Advisory
FAQ
What is CVE-2025-68455?
CVE-2025-68455 is a vulnerability with a CVSS score of 7.2 (HIGH). Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious atta...
How severe is CVE-2025-68455?
CVE-2025-68455 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-68455?
Check the references section above for vendor advisories and patch information. Affected products include: Craftcms Craft Cms.