CNNVD-202512-027 Information

CNNVD ID

CNNVD-202512-027

CVE-2025-66297

  • CNNVD Published: 2025-12-01

Description (Chinese)

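Grav is an extensible open-source CMS (content management system) from Grav for personal blogs, small content publishing platforms and single-page product showcases. Versions of Grav before 1.8.0-beta.27 contain a security vulnerability that stems from malicious Twig expression injection and may lead to privilege escalation and remote code execution.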

Description (English)

Grav is an extensible CMS (content management system) for personal blogs, small content publishing platforms and single-page product presentations. Versions of Grav before 1.8.0-beta.27 have a security vulnerability caused by malicious Twig expression injection, which could lead to privilege escalation and remote code execution.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Grav

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/getgrav/grav/security/advisories/GHSA-858q-77wx-hhx6
  • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458
  • https://access.redhat.com/security/cve/cve-2025-66297

Patch

https://getgrav.org/downloads
