CVE-2025-66297
7.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| getgrav | grav | < 1.8.0-beta.27 | affected |
Weaknesses
- CWE-1336: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://github.com/getgrav/grav/security/advisories/GHSA-858q-77wx-hhx6
- https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.