← Back

CVE-2025-66295

nvd nist
Published: Dec 1, 2025Modified: Dec 4, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: security-advisories@github.com (Secondary)

Description

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path outside user/accounts/. The written YAML can contain account fields such as email, fullname, twofa_secret, and hashed_password. This vulnerability is fixed in 1.8.0-beta.27.

Affected (27)

Products: Getgrav: Grav
Getgrav
1 product
Grav
Configuration A
27 vulnerable
Vulnerable SoftwareAffected Versions
Getgrav
Grav
From 1.7.49.5 to 1.8.0
Grav
Version 1.8.0 beta10
Grav
Version 1.8.0 beta11
Grav
Version 1.8.0 beta12
Grav
Version 1.8.0 beta13
Grav
Version 1.8.0 beta14
Grav
Version 1.8.0 beta15
Grav
Version 1.8.0 beta16
Grav
Version 1.8.0 beta17
Grav
Version 1.8.0 beta18
Grav
Version 1.8.0 beta19
Grav
Version 1.8.0 beta1
Grav
Version 1.8.0 beta20
Grav
Version 1.8.0 beta21
Grav
Version 1.8.0 beta22
Grav
Version 1.8.0 beta23
Grav
Version 1.8.0 beta24
Grav
Version 1.8.0 beta25
Grav
Version 1.8.0 beta26
Grav
Version 1.8.0 beta2
Grav
Version 1.8.0 beta3
Grav
Version 1.8.0 beta4
Grav
Version 1.8.0 beta5
Grav
Version 1.8.0 beta6
Grav
Version 1.8.0 beta7
Grav
Version 1.8.0 beta8
Grav
Version 1.8.0 beta9

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.