CVE-2025-14700

Critical

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to…

GitLab·CWE-1336·Published 2025-12-17

CVSS

9.9

EPSS

0.01

KEV

Exploits

cve.orgen

201 chars

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

NVDen

201 chars

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.9	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	NVD	9.9	3.1	6.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H