CVE-2025-57439 · HIGH 8.8 · EPSS p50.8%

Description

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.77% probability of exploitation · percentile 50.8% · 2026-06-19T12:03:05Z
Published: 2025-09-22
Last modified: 2025-10-17

Underlying weaknesses · 1

CWE-94

References

  1. http://www.creacast.com/
  2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57439

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-57434
CVE: CVE-2025-6384
CVE: Craft CMS Code Injection Vulnerability
CVE: CVE-2025-41734
CVE: CVE-2025-14700
CVE: CVE-2025-41736

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.