CVE-2025-66305

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.8.0-beta.27

Description Grav is a file-based Web platform. A denial of service issue exists in the "Languages" submenu of the Grav admin configuration panel at /admin/config/system. The Supported parameter does not properly validate user input. Providing a malformed value, such as a single forward slash (/) or an XSS test string, causes a fatal regular expression parsing error when using the preg match() function with an improperly constructed regular expression. This results in application-wide failure and renders the site unavailable to all users.

Recommendations Update to Grav version 1.8.0-beta.27 or later.