PT-2025-46916 · Unknown · Grist-Core

Published 2025-11-13 · Updated 2025-11-14 · CVE-2025-64752

CVSS v3.1

6.8 Medium

Vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

grist-core versions prior to 1.7.7

Description

grist-core is a spreadsheet hosting server. A user with access to any document on a Grist installation can use a URL-fetching feature that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. As a workaround, make sure that no http/https endpoints that expose credentials or operate without credentials are reachable from an instance running Grist.

Recommendations

Update to version 1.7.7 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-64752
GHSA-QH95-2QV8-PQX3

Affected Products

Grist-Core