CVE-2025-57439
Published: 22 September 2025
Summary
CVE-2025-57439 is a high-severity Code Injection (CWE-94) vulnerability in Creacast Creabox Manager. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter: Lua (T1059.011). The CVE ranks in the top 37.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-57439, published on 2025-09-22, is a critical Remote Code Execution vulnerability in Creacast Creabox Manager version 4.4.4. The flaw exists in the edit.php endpoint, where an authenticated attacker can inject arbitrary Lua code into the configuration, resulting in its execution on the server. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).
An authenticated attacker can exploit this vulnerability remotely over the network. Exploitation requires low attack complexity but user interaction, allowing the attacker to achieve full system compromise, including reverse shell execution or arbitrary command execution.
For mitigation details, refer to the vendor advisory at http://www.creacast.com/ and the research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57439.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-30791
Vulnerability details
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.
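The bug class described above (a web handler writing a user-supplied value into a Lua configuration file that the server later executes) in miniature, as an added example that is not code from Creabox Manager or from the CVE researcher; the function names, the `stream_name` setting and the config format are constructed assumptions.

```lua
-- Added example, not Creabox Manager code. It contrasts splicing a raw
-- value into Lua source with validating and quoting it, and loads the
-- result in an empty environment as defence in depth.

-- Vulnerable pattern: the raw value is concatenated into Lua source text,
-- so anything that closes the string literal becomes code.
local function render_config_unsafe(stream_name)
  return 'stream_name = "' .. stream_name .. '"\n'
end

-- Hardened pattern: allowlist the value first, then emit it with %q so it
-- can only ever be a Lua string literal.
local function render_config_safe(stream_name)
  if type(stream_name) ~= "string" or #stream_name == 0 or #stream_name > 64
     or not stream_name:match("^[%w_%-]+$") then
    return nil, "rejected: stream_name must be 1-64 chars of [A-Za-z0-9_-]"
  end
  return string.format("stream_name = %q\n", stream_name)
end

-- Load a config chunk into an empty table used as its environment, so the
-- chunk cannot reach os, io or the real globals (Lua 5.2+ load signature).
local function load_config(src)
  local env = {}
  local chunk, err = load(src, "=config", "t", env)
  if not chunk then return nil, err end
  local ok, rerr = pcall(chunk)
  if not ok then return nil, rerr end
  return env
end

-- Constructed hostile input: closes the string literal and appends a
-- statement. A benign marker assignment stands in for the appended code.
local hostile = 'live"\ninjected = true\nx = "'

-- Unsafe rendering: the appended statement runs inside the config chunk
-- and sets a variable the author never defined.
local env = assert(load_config(render_config_unsafe(hostile)))
print("unsafe render, injected marker present:", env.injected ~= nil)

-- Safe rendering: the same input is rejected before any file is written.
local safe, why = render_config_safe(hostile)
print("safe render of hostile input:", safe, why)

-- Safe rendering of a legitimate name still yields a loadable config.
env = assert(load_config(render_config_safe("live")))
print("safe render of valid name:", env.stream_name)
```

Run with any Lua 5.2+ interpreter; the sandboxed environment does not replace input validation, since a value that passes into the config is still interpreted as Lua source by the server.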
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables authenticated remote code execution via injection of arbitrary Lua code into the configuration file, which is executed on the server, directly facilitating Lua-based command and scripting interpreter execution (T1059.011) and exploitation of remote services (T1210).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates inputs to the edit.php endpoint to prevent injection of arbitrary Lua code into configuration files.
- Flaw remediation: remediates the specific code injection flaw in Creacast Creabox Manager 4.4.4 through timely patching per the vendor advisory.
- CM-5 (Access Restrictions for Change): restricts access to configuration change endpoints such as edit.php to authorized personnel only, blocking authenticated attackers from injecting code.