PT-2025-48559 · Grav · Grav
Published
2025-12-01
·
Updated
2025-12-02
·
CVE-2025-66300
CVSS v3.1
8.5
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Grav versions prior to 1.8.0-beta.27
Description
A user with limited privileges and page editing access can read any server file using the "Frontmatter" form. This includes Grav user account files located at
/grav/user/accounts/*.yaml, which contain hashed user passwords, two-factor authentication secrets, and password reset tokens. An attacker could potentially compromise any registered account by resetting a password or cracking the hashed password.Recommendations
Update to version 1.8.0-beta.27 or later.
Exploit
Fix
LPE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Grav