Description

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue.

INFO

Published Date :

2025-12-18T15:27:21.403Z

Last Modified :

2025-12-18T15:46:53.765Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68278 vulnerability.

Vendors Products
Tina
  • Tinacms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68278.

URL Resource
https://github.com/tinacms/tinacms/commit/fa7c27abef968e3f3a3e7d564f282bc566087569 cve-icon cve-icon
https://github.com/tinacms/tinacms/security/advisories/GHSA-529f-9qwm-9628 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability