creacast CVE Vulnerabilities & Metrics

Focus on creacast vulnerabilities and metrics.

Last updated: 25 Nov 2025, 23:25 UTC

About creacast Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with creacast. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total creacast CVEs: 3
Earliest CVE date: 22 Sep 2025, 16:15 UTC
Latest CVE date: 22 Sep 2025, 18:15 UTC

Latest CVE reference: CVE-2025-57439

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical creacast CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS creacast CVEs

These are the five CVEs with the highest CVSS scores for creacast, sorted by severity first and recency.

CVE-2025-57439 creacast Published on 22 Sep 2025, 18:15 UTC (CVSS: 0)
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.
CVE-2025-57434 creacast Published on 22 Sep 2025, 17:16 UTC (CVSS: 0)
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.
CVE-2025-57430 creacast Published on 22 Sep 2025, 16:15 UTC (CVSS: 0)
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.

All CVEs for creacast

CVE-2025-57439 creacast vulnerability CVSS: 0 22 Sep 2025, 18:15 UTC

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse shell execution or arbitrary command execution.

CVE-2025-57434 creacast vulnerability CVSS: 0 22 Sep 2025, 17:16 UTC

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.

CVE-2025-57430 creacast vulnerability CVSS: 0 22 Sep 2025, 16:15 UTC

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials.