CVE-2025-57439
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-10-17

Assigner: MITRE

Description
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-10-17
Generated
2026-05-07
AI Q&A
2025-09-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-57439
EUVD
EUVD-2025-30791
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
creacast creabox_manager 4.4.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Creacast Creabox Manager 4.4.4 allows an authenticated attacker to inject arbitrary Lua code via the edit.php endpoint. The injected code is executed on the server, enabling the attacker to perform remote code execution, which can lead to full system compromise including reverse shell or arbitrary command execution.


How can this vulnerability impact me? :

The vulnerability can lead to a full system compromise, allowing attackers to execute arbitrary commands or gain reverse shell access. This can result in unauthorized control over the affected system, data theft, service disruption, or further attacks within the network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart