CVE-2025-66303

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.8.0-beta.27

Description Grav is susceptible to a Denial of Service (DoS) condition due to improper input sanitization of the scheduled at parameter when processing cron expressions. Manipulating this parameter with malicious input, such as a single quote, can render the application’s admin panel non-functional, disrupting administrative operations. Recovery requires manual intervention on the host server to correct the corrupted cron expression within the backup.yaml file.

Recommendations Update to version 1.8.0-beta.27 or later.