Description

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

INFO

Published Date :

2025-12-15T00:00:00.000Z

Last Modified :

2025-12-16T15:37:54.521Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66844 vulnerability.

Vendors Products
Getgrav
  • Grav
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66844.

URL Resource
https://github.com/Yohane-Mashiro/grav_cve/issues/2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System