CVE-2024-21622 MEDIUM

CVE-2024-21622: Craft CMS Privilege Escalation

Vendor Craftcms
Product cms
Weakness CWE-269
Published January 3, 2024
Last update April 17, 2025

CVSS base score

5.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

Key dates

02Disclosure timeline

January 3, 2024 CVE published
April 17, 2025 Record updated