CNNVD-202512-019 Information

CNNVD ID

CNNVD-202512-019

CVE-2025-66301

  • CNNVD Published: 2025-12-01

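Description (translated from Chinese)

Grav is an extensible open-source CMS (content management system) from Grav for personal blogs, small content publishing platforms and single-page product showcases. Grav versions before 1.8.0-beta.27 contain an authorization issue vulnerability that stems from improper authorization checks and may allow form functionality to be modified.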

Description (English)

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and single-page product presentations. Grav versions before 1.8.0-beta.27 have an authorization vulnerability that stems from improper authorization checks and could allow form functionality to be modified.

Hazard Level

Medium

Vulnerability Type

Authorization issue

Affected Vendor

Grav

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/getgrav/grav/security/advisories/GHSA-v8x2-fjv7-8hjh
  • https://access.redhat.com/security/cve/cve-2025-66301

Patch

https://getgrav.org/downloads
