Platform: php
Component: getgrav/grav
Fixed in: 1.8.1, 1.8.0-beta.27
CVE-2025-66300 describes an Arbitrary File Access vulnerability discovered in Grav CMS. This flaw allows authenticated, low-privilege users with page editing privileges to read arbitrary files on the server through the "Frontmatter" form. Critically, this includes access to Grav user account files, potentially exposing hashed passwords, 2FA secrets, and password reset tokens, impacting versions 1.8.0-beta.9 and earlier. A fix is available in version 1.8.0-beta.27.
The primary impact of CVE-2025-66300 is the potential for unauthorized access to sensitive user account information. An attacker exploiting this vulnerability can read Grav user account files, which contain hashed passwords, two-factor authentication (2FA) secrets, and password reset tokens. This information can be used to compromise any registered account. Attackers could reset passwords to gain access or crack the hashed passwords to obtain credentials. The blast radius extends to all users of the affected Grav CMS installations, particularly those with low-privilege user accounts that have page editing privileges. This vulnerability shares similarities with other file access vulnerabilities where improper input validation allows attackers to bypass security controls and access restricted resources.
CVE-2025-66300 was published on 2025-12-02. There is no indication that this vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog or that it has a high EPSS score, suggesting a low to medium probability of exploitation. As of this writing, no public proof-of-concept (PoC) code has been released, but the vulnerability's simplicity could lead to rapid exploitation if a PoC is developed. Active campaigns are not currently known.
Websites and applications utilizing Grav CMS versions 1.8.0-beta.9 and earlier are at risk. This includes organizations hosting Grav CMS instances on shared hosting environments, as the vulnerability allows for file access regardless of user privileges. Additionally, deployments with default configurations or those lacking robust file access controls are particularly vulnerable.
• php / server:
find /var/www/grav/user/plugins/form/templates/forms/fields/display/ -name 'display.html.twig' -print0 | xargs -0 grep -i 'frontmatter'
• php / server:
journalctl -u grav -f | grep -i "Frontmatter"
• generic web:
Use curl to test for access to sensitive files. If the CMS is configured with default settings, attempt to access /grav/user/accounts/*.yaml via a browser or curl. A successful response indicates potential exploitation.
• generic web:
Review access logs for unusual file access patterns, particularly requests targeting files within the /grav/user/accounts/ directory.
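The access-log review described above, as an added example that is not from the advisory or the Grav project: it flags requests whose path resolves to a file under user/accounts/ and separates those answered with a 2xx status. It assumes Combined Log Format and sees only direct HTTP requests for those paths; the sample lines and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Account files as named on the page: <prefix>/user/accounts/<name>.yaml
ACCOUNT_RE = re.compile(r'/user/accounts/[^/]+\.yaml$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Dec/2025:10:01:11 +0000] "GET /grav/user/accounts/admin.yaml HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '192.0.2.10 - - [02/Dec/2025:10:01:15 +0000] "GET /grav/user/accounts/editor%2Eyaml?download=1 HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '198.51.100.7 - - [02/Dec/2025:10:02:40 +0000] "GET /grav/blog/accounts-update HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Dec/2025:10:03:02 +0000] "POST /grav/admin/pages/blog HTTP/1.1" 200 431 "-" "Mozilla/5.0"',
]

def normalize(target):
    """Drop the query string, decode percent-encoding twice, collapse ../ segments."""
    path = target.split('?', 1)[0]
    for _ in range(2):
        path = unquote(path)
    return posixpath.normpath('/' + path.lstrip('/'))

def scan(lines):
    """Return (ip, time, status, path) for each request that resolves to an account file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a request line in the expected format
        path = normalize(m['target'])
        if ACCOUNT_RE.search(path):
            hits.append((m['ip'], m['time'], int(m['status']), path))
    return hits

def served(hits):
    """Hits answered with 2xx, i.e. the file content was returned to the client."""
    return [h for h in hits if 200 <= h[2] < 300]

if __name__ == '__main__':
    for ip, when, status, path in scan(SAMPLE_LOG):
        flag = 'SERVED' if 200 <= status < 300 else 'blocked'
        print(f'{when} {ip} {status} {flag} {path}')
```

Any entry returned by `served()` means an account file was delivered to the client, so the credentials, 2FA secret and reset tokens in that file should be rotated.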
EPSS: 0.08% (23rd percentile)
The primary mitigation for CVE-2025-66300 is to upgrade Grav CMS to version 1.8.0-beta.27 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Restrict access to the 'Frontmatter' form and its associated templates to only authorized users. Implement strict file permissions on the /grav/user/accounts/ directory to prevent unauthorized access. Monitor access logs for suspicious activity related to file reads. While a WAF or proxy cannot directly prevent this vulnerability, it can be configured to detect and block requests attempting to access sensitive files. After upgrading, confirm the fix by attempting to access a user account file through the 'Frontmatter' form; access should be denied.
Upgrade Grav to version 1.8.0-beta.27 or later. This version fixes the arbitrary file read vulnerability. The update can be performed through the Grav admin panel or manually by downloading the latest version and replacing the existing files.
CVE-2025-66300 is a HIGH severity vulnerability allowing low-privilege users to read sensitive files in Grav CMS versions ≤1.8.0-beta.9, potentially exposing user account data.
Yes, if you are running Grav CMS version 1.8.0-beta.9 or earlier, you are vulnerable to this Arbitrary File Access flaw.
Upgrade Grav CMS to version 1.8.0-beta.27 or later to remediate the vulnerability. Consider temporary workarounds like restricting access to the 'Frontmatter' form if immediate upgrade is not possible.
As of December 2, 2025, there is no confirmed evidence of active exploitation campaigns targeting CVE-2025-66300.
Refer to the official Grav CMS security advisory for detailed information and updates regarding CVE-2025-66300.