33 matches found
CVE-2025-66302
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient inp...
CVE-2025-66299
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox...
CVE-2025-66298
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on a site can reveal the whole Grav configuration, including plugin configuration details, by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be...
CVE-2025-66296
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...
CVE-2025-66294
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...
EUVD-2025-200076
Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms...
EUVD-2025-200081
Grav is vulnerable to RCE via SSTI through a Twig Sandbox Bypass...
EUVD-2025-200105
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter...
EUVD-2025-200109
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions...
EUVD-2025-200079
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover...
Uncaught Exception
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Uncaught Exception via improper validation of the Supported parameter in the admin configuration panel. An attacker can cause the application ...
Authorization Bypass Through User-Controlled Key
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /admin/accounts/users/username endpoint. An attacker can obtain sensitive information...
CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...
Arbitrary Code Injection
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Twig object when maliciously crafted template directives are injected into a web page. An attacker can execut...
Incorrect Privilege Assignment
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the absence of username uniqueness validation when creating users. An attacker can gain unauthorized...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66302
Grav CMS path traversal vulnerability (CVE-2025-66302) exists prior to 1.8.0-beta.27 in the backup tool’s input sanitization, enabling authenticated administrators to read arbitrary files on the server filesystem outside the webroot. Impact depends on the privileges of the Grav process account; f...
CVE-2025-66300
Grav is a file-based CMS affected by CVE-2025-66300. A low-privilege user with page-editing rights could exploit path traversal via the Frontmatter form to read server files, including Grav user accounts located at /grav/user/accounts/*.yaml, exposing password hashes, 2FA secrets, and password-re...
CVE-2025-66300 Grav is vulnerable to Arbitrary File Read
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes the Grav user account files /grav/user/accounts/*.yaml, which store hashed user passwords, 2FA secrets, and the password...