Input Neutralization Flaw in Crafty Controller Server MOTD
CVE-2025-14701

7.1HIGH

Key Information:

Vendor

Arcadia Technology, Llc

Status
Crafty Controller
Vendor
CVE Published:
17 December 2025

What is CVE-2025-14701?

An input neutralization vulnerability in the Server MOTD component of Crafty Controller enables remote, unauthenticated attackers to exploit the system. By manipulating server messages, attackers can execute stored cross-site scripting (XSS) attacks, potentially leading to unauthorized actions and data compromise.

Affected Version(s)

Crafty Controller 0 < 4.6.2

References

https://gitlab.com/crafty-controller/crafty-4/-/issues/647
issue-trackingpermissions-required

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thank you to [Rozza / rchar](https://gitlab.com/rchar) on GitLab for reporting this issue.
JSON
.