CVE-2025-14700

Summary

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

Affected Software

VendorProductVersion RangeStatus
Arcadia Technology, LLCCrafty Controller4.6.1affected

Weaknesses

  • CWE-1336: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References