MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-66299

🔴 HIGH

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbit...

Published
Dec 01, 2025
Last Modified
Dec 03, 2025
Views
1
Bookmarks
0

Description

Request Expert Review

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.

Affected Products (27)

getgrav - grav

Version: *

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

getgrav - grav

Version: 1.8.0

CVSS Scores

CVSS 3.1 8.8
8.8
HIGH
CVSS 2.0 8.8

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Analyzed

Related CVEs

CVE-2025-14705

CRITICAL

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulatio...

Score: 9.8

CVE-2025-14704

HIGH

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The ma...

Score: 7.3

CVE-2025-67906

MEDIUM

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Score: 5.4

CVE-2025-14703

MEDIUM

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST...

Score: 5.3

CVE-2025-14702

MEDIUM

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashAct...

Score: 4.4

CVE-2025-13740

MEDIUM

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `lightweight-accordion` shortcode in all...

Score: 6.4

Share CVE-2025-66299

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-66299 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis