CVE-2025-66295
Grav CVE-2025-66295 describes a path traversal/write vulnerability in Grav’s Admin UI: before 1.8.0-beta.27, a user-creation flow could cause an account YAML file to be written outside the intended user/accounts/ directory when the username contains traversal sequences (e.g., ../../Nijat). The wr...