Description

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

PUBLISHED Reserved 2025-09-02 | Published 2025-09-17 | Updated 2025-09-17 | Assigner Fluid Attacks




MEDIUM: 6.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

6.0.0 (custom)
affected

5.99.0 (custom)
affected

References

fluidattacks.com/advisories/regida exploit

fluidattacks.com/advisories/regida third-party-advisory

github.com/TryGhost/Ghost product

github.com/TryGhost/Ghost/releases/tag/v6.0.9 patch

github.com/.../Ghost/security/advisories/GHSA-f7qg-xj45-w956 vendor-advisory

cve.org (CVE-2025-9862)

nvd.nist.gov (CVE-2025-9862)
