CVE-2025-6384: 
Java vulnerability analysis and mitigation

Improper Control of Dynamically-Managed Code Resources vulnerability was discovered in Crafter Studio of CrafterCMS, affecting versions 4.0.0 through 4.2.2. The vulnerability was disclosed on June 19, 2025, and was assigned CVE-2025-6384. This security issue affects the Crafter Studio component of CrafterCMS, specifically impacting authenticated developers (CrafterCMS Advisory, NVD).

The vulnerability is classified as CWE-913 (Improper Control of Dynamically-Managed Code Resources). It received a CVSS v4.0 Base Score of 7.3 (HIGH) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H. The vulnerability specifically involves the Groovy Sandbox implementation in Crafter Studio, where malicious Groovy elements can be used to bypass sandbox restrictions (NVD).

When successfully exploited, this vulnerability allows authenticated developers to execute operating system commands through a Groovy Sandbox Bypass mechanism. The impact is significant as it can lead to Remote Code Execution (RCE) on the affected system, potentially compromising the entire application environment (CrafterCMS Advisory).

Users are advised to upgrade their CrafterCMS installations to a version newer than 4.2.2, which contains the fix for this vulnerability. No specific workarounds have been published for those unable to upgrade immediately (CrafterCMS Advisory).