PT-2025-48563 · Grav · Grav
Published 2025-12-01 · Updated 2025-12-02 · CVE-2025-66304
CVSS v3.1 7.2 High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Grav versions prior to 1.8.0-beta.27
Description
Grav is a file-based web platform. In the affected versions, any user with read access to the user account management section of the admin panel can view the stored password hashes of every account, including the admin account. An attacker who holds such an account can copy the hashes and crack them offline; a recovered admin password gives full administrative control of the site, which is why the vector requires high privileges (PR:H) yet rates high impact on confidentiality, integrity and availability. How practical the attack is depends on the hash algorithm and cost settings in use and on the strength of the passwords behind them, but the exposure means the attacker, not the server, decides how many guesses each account gets.
Recommendations
Update to version 1.8.0-beta.27 or later. After updating, sign in with a non-super-admin account that still has read access to the account management section and confirm that no hashed_password values appear in the rendered pages or their API responses. Treat the hashes as already disclosed: rotate the passwords of all admin-panel accounts, the admin account first, and review the admin panel logs for accounts that accessed the user management section before the update.
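The following is an added example and not Grav's own code: a minimal model of the defect described above (a user list rendered with every stored field, hashes included) beside the hardened behaviour (credential fields stripped before rendering, for every viewer), plus a check that scans rendered output for crypt-style hash material. The account records are constructed to resemble Grav's user/accounts/*.yaml files in field names only; the hash values are placeholders, and the function names are assumptions for this example.

```python
import json
import re
from typing import Dict, List

# Constructed sample data shaped like Grav's user/accounts/<username>.yaml
# records (field names as Grav uses them; every value here is made up).
# The "hashed_password" strings are placeholders carrying a bcrypt-style
# prefix, not real hashes.
ACCOUNTS: Dict[str, Dict[str, str]] = {
    "admin": {
        "email": "admin@example.com",
        "fullname": "Site Admin",
        "hashed_password": "$2y$10$" + "A" * 53,
        "access": "admin.super",
    },
    "editor": {
        "email": "editor@example.com",
        "fullname": "Content Editor",
        "hashed_password": "$2y$10$" + "E" * 53,
        "access": "admin.pages",
    },
}

# Modular-crypt prefixes (bcrypt, argon2, sha-crypt, yescrypt). Anything
# matching this in rendered admin output is password material that should
# never have left the server.
HASH_RE = re.compile(r"\$(?:2[abxy]|argon2(?:id|i|d)|5|6|y)\$[^\s\"'<>]+")


def list_users_vulnerable(accounts: Dict[str, Dict[str, str]], viewer: str) -> List[dict]:
    """Model of the pre-fix behaviour: a viewer with read access to the account
    management section gets every stored field, hashes included. The viewer
    argument is accepted only to mirror the hardened signature; the vulnerable
    path never consults it."""
    return [dict(name=name, **fields) for name, fields in accounts.items()]


def list_users_hardened(accounts: Dict[str, Dict[str, str]], viewer: str) -> List[dict]:
    """Hardened model: credential fields are dropped before the record is
    rendered, regardless of who the viewer is (owner or super admin alike).
    A password-change form only ever needs to write a new hash, never to show
    the old one, so no viewer privilege justifies exposing it."""
    secret_keys = {"hashed_password", "password"}
    return [
        dict(name=name, **{k: v for k, v in fields.items() if k not in secret_keys})
        for name, fields in accounts.items()
    ]


def find_hash_material(text: str) -> List[str]:
    """Return every crypt-style hash found in a rendered page or API body."""
    return HASH_RE.findall(text)


def leaks_hashes(records: List[dict]) -> bool:
    """Serialise a rendered user list the way a JSON API would ship it and
    report whether credential material is present. Run the same regex over
    the real response of a low-privileged account after updating."""
    return bool(find_hash_material(json.dumps(records)))


if __name__ == "__main__":
    for label, render in (("vulnerable", list_users_vulnerable), ("hardened", list_users_hardened)):
        print(f"{label}: leaks hashes = {leaks_hashes(render(ACCOUNTS, 'editor'))}")
```

The regex is deliberately broader than bcrypt so the same check is useful whichever algorithm a deployment's PHP build selects; a false positive on a stray string that merely looks like a hash is cheap to triage, a missed real hash is not.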
Tags: Exploit · Fix · LPE · Information Disclosure
Related Identifiers: CVE-2025-66304
Affected Products: Grav