CVE-2025-66302 (GCVE-0-2025-66302)
Vulnerability from cvelistv5
Published
2025-12-01 21:33
Modified
2025-12-03 15:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27.
References
| URL | Tags | ||
|---|---|---|---|
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66302",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:11:05.884619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:11:08.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.0-beta.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T21:33:40.396Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
},
{
"name": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
}
],
"source": {
"advisory": "GHSA-j422-qmxp-hv94",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Path Traversal allowing server files backup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66302",
"datePublished": "2025-12-01T21:33:40.396Z",
"dateReserved": "2025-11-26T23:11:46.394Z",
"dateUpdated": "2025-12-03T15:11:08.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66302\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-01T22:15:49.750\",\"lastModified\":\"2025-12-03T16:00:53.343\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.0\",\"matchCriteriaId\":\"0F068841-DBCC-41D5-8B24-BFCE51841E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A383F2E-C6BA-440B-B648-A3313B7D91C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*\",\"matchCriteriaId\":\"530C6F64-F30B-4E93-9A12-D9625EA57483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC28BF9-626D-4514-91F0-F81DAB5D3602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*\",\"matchCriteriaId\":\"307AA375-E531-4AE5-BA79-2F9D4DE7A05F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2E3E312-485D-42B0-B465-64B6438CDCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE4B2F9-1B6D-4D18-916A-5C95A3213222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*\",\"matchCriteriaId\":\"763207F0-92D1-4274-A30A-DE634C5852C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DE8F350-BA07-4DAA-AE4B-5E0A532B6828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9150B94-0DF3-43F3-9806-39787A6C0E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAA7C7EC-8FB2-445D-8A02-1743D87F5416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A6BEA2A-D534-4C9E-811A-8A46E214C46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A644F57-FF39-4262-9796-7C4F3B0851C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C5E8823-9083-4FFA-9897-CAD0340DCE68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C048938-E0EC-4AD0-9847-FD74E6770FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B43876-1445-418A-9707-E692FDF62C4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*\",\"matchCriteriaId\":\"94B209DE-01C6-41BA-B912-CF57849A9F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB53AA10-87A5-4010-8019-BF4AA5ABC12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"775E0913-F3EF-4A55-B162-5BF9C6E2E641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3E022E-35CB-40AD-959A-F39949E38BD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8779C813-A81A-4E21-AB86-6193933568BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B608EDD4-207A-41A7-A60D-496FDA8EAFEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1F2253-3EE0-4ADD-B8A5-C882A60FC626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D4C859-5560-42F1-ACD9-65210E523F28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"156707A7-9507-4AC1-9CD0-90E32836E9DF\"}]}]}],\"references\":[{\"url\":\"https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66302\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T15:11:05.884619Z\"}}}], \"references\": [{\"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T15:10:59.784Z\"}}], \"cna\": {\"title\": \"Grav vulnerable to Path Traversal allowing server files backup\", \"source\": {\"advisory\": \"GHSA-j422-qmxp-hv94\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"getgrav\", \"product\": \"grav\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.0-beta.27\"}]}], \"references\": [{\"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94\", \"name\": \"https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee\", \"name\": \"https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-01T21:33:40.396Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66302\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T15:11:08.768Z\", \"dateReserved\": \"2025-11-26T23:11:46.394Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-01T21:33:40.396Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
fkie_cve-2025-66302
Vulnerability from fkie_nvd
Published
2025-12-01 22:15
Modified
2025-12-03 16:00
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F068841-DBCC-41D5-8B24-BFCE51841E2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66302",
"lastModified": "2025-12-03T16:00:53.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-01T22:15:49.750",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
cnvd-2025-30353
Vulnerability from cnvd
Title
Grav路径遍历漏洞(CNVD-2025-30353)
Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。
Grav存在路径遍历漏洞,该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素,攻击者可利用该漏洞导致读取任意文件。
Severity
中
VLAI Severity ?
Patch Name
Grav路径遍历漏洞(CNVD-2025-30353)的补丁
Patch Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。
Grav存在路径遍历漏洞,该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素,攻击者可利用该漏洞导致读取任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://getgrav.org/downloads
Reference
https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee
Impacted products
| Name | Grav Grav <1.8.0-beta.27 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-66302",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-66302"
}
},
"description": "Grav\u662f\u4e00\u5957\u53ef\u6269\u5c55\u7684\u7528\u4e8e\u4e2a\u4eba\u535a\u5ba2\u3001\u5c0f\u578b\u5185\u5bb9\u53d1\u5e03\u5e73\u53f0\u548c\u5355\u9875\u4ea7\u54c1\u5c55\u793a\u7684CMS\uff08\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff09\u3002\n\nGrav\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://getgrav.org/downloads",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-30353",
"openTime": "2025-12-09",
"patchDescription": "Grav\u662f\u4e00\u5957\u53ef\u6269\u5c55\u7684\u7528\u4e8e\u4e2a\u4eba\u535a\u5ba2\u3001\u5c0f\u578b\u5185\u5bb9\u53d1\u5e03\u5e73\u53f0\u548c\u5355\u9875\u4ea7\u54c1\u5c55\u793a\u7684CMS\uff08\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff09\u3002\r\n\r\nGrav\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Grav\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2025-30353\uff09\u7684\u8865\u4e01",
"products": {
"product": "Grav Grav \u003c1.8.0-beta.27"
},
"referenceLink": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee",
"serverity": "\u4e2d",
"submitTime": "2025-12-03",
"title": "Grav\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2025-30353\uff09"
}
ghsa-j422-qmxp-hv94
Vulnerability from github
Published
2025-12-02 00:38
Modified
2025-12-02 00:38
Severity ?
VLAI Severity ?
Summary
Grav vulnerable to Path Traversal allowing server files backup
Details
Summary
A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers
with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due
to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling
access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of
the user account running the application.
PoC
``` To accurately demonstrate the maximum potential impact of this vulnerability, the testing environment was configured in a specific way:
-
Elevated Privileges: The application was run locally with the highest possible system privileges, operating under the
rootuser account. -
Objective: This configuration was chosen to unequivocally show that the path traversal vulnerability is not just a theoretical issue but can lead to a complete compromise of the underlying host when combined with poor operational practices. The ability to read any file on the system is the ultimate test of the flaw's severity.
Proof of Concept Goal: Under these conditions, the subsequent PoC will exploit the vulnerability to read the SSH private key
of the root user (/root/.ssh/id_rsa). The successful exfiltration of this key represents a worst-case scenario, as it would provide
an attacker with persistent, undetectable, and complete administrative access to the host server. This highlights the critical intersection
of an application-layer vulnerability and a infrastructure-level misconfiguration.
```
``` 1- LOGIN AS ADMIN AND GO TO : http://127.0.0.1/admin/tools/backups 2- Change 'Root Folder' to backup directory /../../../../../../../root/.ssh/
```
3- CLICK : 'SAVE'
4- CLICK : 'Backup Now'
5- Extract Backup :
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getgrav/grav"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0-beta.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66302"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T00:38:41Z",
"nvd_published_at": "2025-12-01T22:15:49Z",
"severity": "MODERATE"
},
"details": "### Summary\n```\nA path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers\n with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due\n to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling\n access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of \nthe user account running the application.\n```\n\n### PoC\n```\nTo accurately demonstrate the maximum potential impact of this vulnerability, the testing environment was configured in a specific way:\n\n- Elevated Privileges: The application was run locally with the highest possible system privileges, operating under the **`root`** user account.\n \n- Objective: This configuration was chosen to unequivocally show that the path traversal vulnerability is not just a theoretical issue but can lead to a complete compromise of the underlying host when combined with poor operational practices. The ability to read any file on the system is the ultimate test of the flaw\u0027s severity.\n \n\nProof of Concept Goal: Under these conditions, the subsequent PoC will exploit the vulnerability to read the SSH private key\n of the `root` user (`/root/.ssh/id_rsa`). The successful exfiltration of this key represents a worst-case scenario, as it would provide \nan attacker with persistent, undetectable, and complete administrative access to the host server. This highlights the critical intersection\n of an application-layer vulnerability and a infrastructure-level misconfiguration.\n\n```\n\n\n\n\n```\n1- LOGIN AS ADMIN AND GO TO : http://127.0.0.1/admin/tools/backups\n2- Change \u0027Root Folder\u0027 to backup directory /../../../../../../../root/.ssh/ \n\n```\n\u003cimg width=\"1902\" height=\"492\" alt=\"Screenshot 2025-09-11 161519\" src=\"https://github.com/user-attachments/assets/23a60dc3-7758-4e24-b910-e66a1dd1f5e2\" /\u003e\n\n\n\n```\n3- CLICK : \u0027SAVE\u0027\n4- CLICK : \u0027Backup Now\u0027\n```\n\n\u003cimg width=\"1916\" height=\"512\" alt=\"Screenshot 2025-09-11 154151\" src=\"https://github.com/user-attachments/assets/88a63ff2-777e-467e-857b-0644ef698499\" /\u003e\n\n```\n5- Extract Backup :\n```\n\n\n\u003cimg width=\"704\" height=\"101\" alt=\"Screenshot 2025-09-11 160114\" src=\"https://github.com/user-attachments/assets/b91ce4db-9843-4280-b8f0-32c73aa12d4d\" /\u003e\n\u003cimg width=\"567\" height=\"101\" alt=\"Screenshot 2025-09-11 160135\" src=\"https://github.com/user-attachments/assets/155ce7d8-c2fc-4b54-b054-f7c7550bec82\" /\u003e",
"id": "GHSA-j422-qmxp-hv94",
"modified": "2025-12-02T00:38:41Z",
"published": "2025-12-02T00:38:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j422-qmxp-hv94"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66302"
},
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee"
},
{
"type": "PACKAGE",
"url": "https://github.com/getgrav/grav"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Grav vulnerable to Path Traversal allowing server files backup"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…