PT-2025-51250 · Grav · Grav

Yohane-Mashiro · Published 2025-12-15 · Updated 2025-12-15 · CVE-2025-66844

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Grav, versions prior to 1.7.49.5

Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Grav. It occurs when page content is processed by Twig templates while the configuration allows undefined PHP functions to be registered, and it is triggered through Twig templates. SSRF lets an attacker cause the server to make requests to unintended locations.

Recommendations: Update Grav to version 1.7.49.5 or later.

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-66844
GHSA-729W-J79F-2C34

Affected Products

Grav