CNNVD-202512-2675 Information

CNNVD ID

CNNVD-202512-2675

Related CVE

CVE-2025-66844

• CNNVD Published: 2025-12-15

Description (Chinese)

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 Grav 1.7.49.5之前版本存在安全漏洞，该漏洞源于Twig模板处理不当，可能导致服务器端请求伪造。

Description (English)

Grav is an extended set of CMS (Content Management System) for personal blogs, small content distribution platforms and single-page product presentations. The previous version of Grav 1.7.49.5 had a security loophole, which stemmed from the mishandling of the Twig template, which could lead to the forgery of server requests.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Grav

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/Yohane-Mashiro/grav_cve/issues/2 https://access.redhat.com/security/cve/cve-2025-66844

Patch

https://getgrav.org/downloads