CVE-2025-0502 is a medium-severity vulnerability in CrafterCMS Engine. It is classed as Transmission of Private Resources into a New Sphere ('Resource Leak'), the CWE-402 weakness: the engine hands out resources that were meant to stay private to its own process. It affects deployments on Linux, macOS, Windows and ARM hosts alike, because the defect is in the engine rather than in the platform. Affected versions are 4.0.0 up to, but not including, 4.0.8, and 4.1.0 up to, but not including, 4.1.6; 4.0.8 and 4.1.6 are the first fixed releases on their respective branches.
The CVSS score is 6.9, which places the issue in the medium band. The risk to organizations comes from directory indexing: an attacker can list the contents of locations that should not be enumerable, and the file names and paths revealed by those listings can lead to unauthorized access to sensitive data that would otherwise have to be guessed.
No public exploit or proof of concept for CVE-2025-0502 is known at the time of writing. Organizations running an affected version should still prioritize patching, because the issue is reachable over the network without credentials and directory listings need no special tooling to request.
Given the nature of the issue and its potential impact, organizations are advised to update affected systems promptly. Those that serve sensitive content through the engine carry the most risk if the issue is left unaddressed.
Vulnerability Details
This vulnerability allows directory indexing and resource-leak exposure in CrafterCMS Engine. It affects versions 4.0.0 through 4.0.7 and 4.1.0 through 4.1.5; the fix ships in 4.0.8 and 4.1.6. The CVSS score of 6.9 indicates medium severity and the need for timely remediation.
Technical Analysis
The engine can produce directory listings (indexing) for locations whose contents were not meant to be enumerable, which is the resource-leak pattern described above. The attack vector is network-based with low attack complexity, and exploitation requires neither privileges nor user interaction. The confidentiality and availability impacts are each rated low, but a listing exposes file names and paths that an attacker would otherwise have to guess, and those paths can lead on to sensitive data.
Risk & Impact Analysis
Organizations face a medium level of risk from unauthorized enumeration of, and subsequent access to, resources the engine serves. The blast radius is every environment running an affected version, which argues for fixing it in the current patch cycle rather than deferring it.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions are 4.0.0 through 4.0.7 on the 4.0 branch and 4.1.0 through 4.1.5 on the 4.1 branch. The first fixed releases are 4.0.8 and 4.1.6; organizations should upgrade to those versions or later to mitigate the risk.
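The version boundaries above are easy to get wrong, both because the ranges are half-open (4.0.8 itself is fixed) and because naive string comparison orders "4.0.10" before "4.0.8". The following Python is an added example, not CrafterCMS project code or part of the original advisory, that checks a version string against the affected ranges; the handling of pre-release suffixes such as -SNAPSHOT or -RC1 (treated as older than the final release with the same number) is an assumption about how such builds are numbered, so a pre-release of the fixed version is conservatively flagged as affected.

```python
# Added example (not CrafterCMS project code): check a CrafterCMS Engine
# version string against the affected ranges for CVE-2025-0502.
# Ranges are half-open: [4.0.0, 4.0.8) and [4.1.0, 4.1.6), so 4.0.8 and
# 4.1.6 are the first fixed releases on their branches.

# (lower bound inclusive, first fixed release) per branch
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 0, 8)),
    ((4, 1, 0), (4, 1, 6)),
]


def parse_version(text):
    """Return a sortable key for a version such as '4.1.5' or '4.0.8-SNAPSHOT'.

    The key is (major, minor, patch, release_flag). A pre-release suffix
    (-SNAPSHOT, -RC1, ...) gets release_flag 0 so it sorts before the
    final release with the same number: 4.0.8-SNAPSHOT < 4.0.8. This
    ordering is an assumption about how pre-release builds are labelled.
    """
    core, sep, _suffix = text.strip().lstrip("v").partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, 0 if sep else 1)


def is_affected(version):
    """True if the version falls inside an affected range.

    A pre-release of a fixed version (e.g. 4.0.8-SNAPSHOT) is treated as
    affected because it predates the fix. Comparing integer tuples rather
    than strings avoids the classic mistake where '4.0.10' < '4.0.8' as text.
    """
    key = parse_version(version)
    for lower, fixed in AFFECTED_RANGES:
        if lower + (0,) <= key < fixed + (1,):
            return True
    return False


def fixed_version(version):
    """Return the first fixed release on the affected branch, or None if
    the version is not affected."""
    key = parse_version(version)
    for lower, fixed in AFFECTED_RANGES:
        if lower + (0,) <= key < fixed + (1,):
            return ".".join(str(n) for n in fixed)
    return None


if __name__ == "__main__":
    for v in ["4.0.7", "4.0.8", "4.0.10", "4.1.5", "4.1.6", "4.0.8-SNAPSHOT", "3.1.9"]:
        print(f"{v:16} affected={is_affected(v)!s:5} upgrade_to={fixed_version(v)}")
```

Feed it the version reported by each deployment's inventory; anything for which is_affected returns True should be upgraded to the release fixed_version names, and a pre-release of that release does not count as patched.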
Mitigation & Remediation
Organizations should update CrafterCMS Engine to 4.0.8 or later on the 4.0 branch, or 4.1.6 or later on the 4.1 branch. If an immediate upgrade is not feasible, restrict network access to the engine to the clients that need it, disable directory listing wherever the deployment's web tier allows it, and monitor access logs for enumeration until the upgrade is applied.
Regular security assessments and secure coding practices further reduce exposure to this class of weakness. For detailed guidance on securing applications, organizations may consult resources on application security assessment.
Detection Guidance
Organizations should monitor web-server and engine access logs for clients that request many directory-style URLs (paths ending in a slash) within a short period and receive 200 responses, and for sequential walks through resource paths, particularly on hosts running an affected version. Such enumeration is the behavioural signature of directory indexing being abused and should be investigated promptly.
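The following Python is an added example, not part of the original advisory and not CrafterCMS project code, that runs the heuristic just described over access-log lines: it flags any client that fetches at least a threshold number of distinct directory-style URLs with a 200 response inside a sliding time window. It assumes the Apache/nginx combined log format; the sample log lines, the IP addresses, the paths and the thresholds are all constructed for illustration and should be tuned to the site.

```python
# Added example (not CrafterCMS project code): flag clients that walk
# directory-style URLs in a web-server access log, the enumeration pattern
# a directory-indexing weakness such as CVE-2025-0502 invites.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format as written by Apache httpd and nginx; only the
# fields the heuristic needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not real CrafterCMS traffic): 203.0.113.7
# walks four directory-style paths in a few seconds and gets listings
# back, then fetches a file it found; 198.51.100.4 is an ordinary visitor;
# the final 403 is what a host with listing disabled returns and is not
# counted.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /assets/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /assets/js/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:03 +0000] "GET /assets/css/ HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:04 +0000] "GET /templates/?C=M;O=D HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:00:05 +0000] "GET /templates/header.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:00:06 +0000] "GET /assets/css/main.css HTTP/1.1" 200 8800 "https://example.com/" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:00:07 +0000] "GET /assets/ HTTP/1.1" 403 162 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        # drop the query string so /templates/?C=M;O=D and /templates/ are one path
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def is_listing_hit(rec):
    """A successful GET of a directory-style URL other than the site root.

    A 403/404 for the same URL is what a host with listing disabled returns
    and is deliberately not counted.
    """
    return (rec["method"] == "GET" and rec["status"] == 200
            and rec["path"].endswith("/") and rec["path"] != "/")


def find_directory_enumeration(log_text, min_dirs=3, window=timedelta(seconds=60)):
    """Return {ip: sorted distinct directory paths} for every client that
    fetched at least `min_dirs` distinct directory-style URLs within any
    `window`-long span. Both thresholds are assumptions to tune per site."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_listing_hit(rec):
            hits[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in hits.items():
        recs.sort(key=lambda r: r["ts"])
        for start in range(len(recs)):
            in_window = {r["path"] for r in recs[start:]
                         if r["ts"] - recs[start]["ts"] <= window}
            if len(in_window) >= min_dirs:
                findings[ip] = sorted({r["path"] for r in recs})
                break
    return findings


if __name__ == "__main__":
    for ip, paths in find_directory_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} directory listings fetched: {', '.join(paths)}")
```

The query string is stripped before comparison because autoindex pages are commonly re-requested with sort parameters, which would otherwise inflate the distinct-path count. Raise min_dirs on sites whose legitimate pages end in a slash, since the heuristic cannot tell a listing from a trailing-slash page URL by path alone; response size is a useful second signal there.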
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-0502 lies in its representation of common resource management errors within web applications. Security teams should take this opportunity to strengthen their defenses against similar vulnerabilities. For comprehensive strategies on securing applications, organizations are encouraged to review our security testing best practices and consider adopting a vulnerability management program to effectively manage and respond to vulnerabilities.
In addition, organizations should remain aware of emerging trends and potential threats by following our insights on vulnerability exposure severity trends to strengthen their overall security posture.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
