CVE-2025-66299— Grav 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-66299の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS
ソース: NVD (National Vulnerability Database)
脆弱性説明
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对生成代码的控制不恰当(代码注入)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Grav 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。 Grav 1.8.0-beta.27之前版本存在安全漏洞,该漏洞源于服务器端模板注入,可能导致任意代码执行。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2025-66299の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-66299のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · getgrav · 2025-12-01 · 19 CVEs total
| CVE-2025-66295 | 8.8 HIGH | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Acco |
| CVE-2025-66296 | 8.8 HIGH | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check A |
| CVE-2025-66300 | 8.5 HIGH | Grav is vulnerable to Arbitrary File Read |
| CVE-2025-66302 | 6.8 MEDIUM | Grav vulnerable to Path Traversal allowing server files backup |
| CVE-2025-66307 | 6.5 MEDIUM | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure |
| CVE-2025-66304 | 6.2 MEDIUM | Grav Exposes Password Hashes Leading to privilege escalation |
| CVE-2025-66303 | 4.9 MEDIUM | Grav is vulnerable to a DOS on the admin panel |
| CVE-2025-66306 | 4.3 MEDIUM | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel |
| CVE-2025-66301 | Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatt | |
| CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parame | |
| CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | |
| CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/ | |
| CVE-2025-66309 | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], para | |
| CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Mul | |
| CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig I | |
| CVE-2025-66294 | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | |
| CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | |
| CVE-2025-66312 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/account |
IV. 関連脆弱性
同じ製品: grav
- CVE-2025-66312
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S - CVE-2025-66311
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66310
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66309
Grav vulnerable to Cross-Site Scripting (XSS) Reflected endp - CVE-2025-66308
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S
同じベンダー: getgrav
- CVE-2020-36955
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persisten - CVE-2021-47812
GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticate - CVE-2025-66312
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S - CVE-2025-66311
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66310
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin
同じ弱点: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. CVE-2025-66299へのコメント
まだコメントはありません