CVE-2025-66299

Exploit

EPSS 0.52%
Veröffentlicht 01.12.2025 21:15:11
Zuletzt bearbeitet 03.12.2025 15:41:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

NVD 27 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getgrav ≫ Grav Version < 1.8.0

Getgrav ≫ Grav Version1.8.0 Updatebeta1

Getgrav ≫ Grav Version1.8.0 Updatebeta10

Getgrav ≫ Grav Version1.8.0 Updatebeta11

Getgrav ≫ Grav Version1.8.0 Updatebeta12

Getgrav ≫ Grav Version1.8.0 Updatebeta13

Getgrav ≫ Grav Version1.8.0 Updatebeta14

Getgrav ≫ Grav Version1.8.0 Updatebeta15

Getgrav ≫ Grav Version1.8.0 Updatebeta16

Getgrav ≫ Grav Version1.8.0 Updatebeta17

Getgrav ≫ Grav Version1.8.0 Updatebeta18

Getgrav ≫ Grav Version1.8.0 Updatebeta19

Getgrav ≫ Grav Version1.8.0 Updatebeta2

Getgrav ≫ Grav Version1.8.0 Updatebeta20

Getgrav ≫ Grav Version1.8.0 Updatebeta21

Getgrav ≫ Grav Version1.8.0 Updatebeta22

Getgrav ≫ Grav Version1.8.0 Updatebeta23

Getgrav ≫ Grav Version1.8.0 Updatebeta24

Getgrav ≫ Grav Version1.8.0 Updatebeta25

Getgrav ≫ Grav Version1.8.0 Updatebeta26

Getgrav ≫ Grav Version1.8.0 Updatebeta3

Getgrav ≫ Grav Version1.8.0 Updatebeta4

Getgrav ≫ Grav Version1.8.0 Updatebeta5

Getgrav ≫ Grav Version1.8.0 Updatebeta6

Getgrav ≫ Grav Version1.8.0 Updatebeta7

Getgrav ≫ Grav Version1.8.0 Updatebeta8

Getgrav ≫ Grav Version1.8.0 Updatebeta9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.398

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458

Patch

https://github.com/getgrav/grav/security/advisories/GHSA-gjc5-8cfh-653x

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-66299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66299

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66299