Lucene search
K

CVE-2025-66301

๐Ÿ—“๏ธย 01 Dec 2025ย 21:30:43Reported byย GitHub_MTypeย 
cve
ย cve
๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 17ย Views๐ŸŒ WEB

CVE-2025-66301 Grav: Broken access control lets editors modify frontmatter to alter form processing; fixed in 1.8.0-beta.27.

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
getgravgravRange<1.8.0
OR
getgravgravMatch1.8.0beta1
OR
getgravgravMatch1.8.0beta10
OR
getgravgravMatch1.8.0beta11
OR
getgravgravMatch1.8.0beta12
OR
getgravgravMatch1.8.0beta13
OR
getgravgravMatch1.8.0beta14
OR
getgravgravMatch1.8.0beta15
OR
getgravgravMatch1.8.0beta16
OR
getgravgravMatch1.8.0beta17
OR
getgravgravMatch1.8.0beta18
OR
getgravgravMatch1.8.0beta19
OR
getgravgravMatch1.8.0beta2
OR
getgravgravMatch1.8.0beta20
OR
getgravgravMatch1.8.0beta21
OR
getgravgravMatch1.8.0beta22
OR
getgravgravMatch1.8.0beta23
OR
getgravgravMatch1.8.0beta24
OR
getgravgravMatch1.8.0beta25
OR
getgravgravMatch1.8.0beta26
OR
getgravgravMatch1.8.0beta3
OR
getgravgravMatch1.8.0beta4
OR
getgravgravMatch1.8.0beta5
OR
getgravgravMatch1.8.0beta6
OR
getgravgravMatch1.8.0beta7
OR
getgravgravMatch1.8.0beta8
OR
getgravgravMatch1.8.0beta9
[
  {
    "vendor": "getgrav",
    "product": "grav",
    "versions": [
      {
        "version": "< 1.8.0-beta.27",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
taskrequest bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[header][title]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[content]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[folder]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[route]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[name]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
data[_json][header][form]request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
_post_entries_saverequest bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
__form-name__request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
__unique_form_id__request bodyadmin/pages/{form_folder}/:addPOST to add a new form page with a payload in data[_json][header][form], enabling SSTI via the form processing logic.CWE-285
Rows per page

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:56Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.19.6
CVSS 48.6
EPSS0.01252
SSVC
17