Description

In Grav versions before 1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered.

PUBLISHED | Reserved 2025-12-08 | Published 2025-12-15 | Updated 2025-12-16 | Assigner mitre

References

github.com/Yohane-Mashiro/grav_cve/issues/2

cve.org (CVE-2025-66844)

nvd.nist.gov (CVE-2025-66844)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.