CVE-2025-66306

01.12.2025, 22:15

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin email addresses and other metadata can be exposed, increasing the risk of phishing, credential stuffing, and social engineering. This vulnerability is fixed in 1.8.0-beta.27.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_M	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
getgrav	grav	1.7.48 ≤ 𝑥 < 1.8.0
getgrav	grav	1.8.0:beta1
getgrav	grav	1.8.0:beta10
getgrav	grav	1.8.0:beta11
getgrav	grav	1.8.0:beta12
getgrav	grav	1.8.0:beta13
getgrav	grav	1.8.0:beta14
getgrav	grav	1.8.0:beta15
getgrav	grav	1.8.0:beta16
getgrav	grav	1.8.0:beta17
getgrav	grav	1.8.0:beta18
getgrav	grav	1.8.0:beta19
getgrav	grav	1.8.0:beta2
getgrav	grav	1.8.0:beta20
getgrav	grav	1.8.0:beta21
getgrav	grav	1.8.0:beta22
getgrav	grav	1.8.0:beta23
getgrav	grav	1.8.0:beta24
getgrav	grav	1.8.0:beta25
getgrav	grav	1.8.0:beta26
getgrav	grav	1.8.0:beta3
getgrav	grav	1.8.0:beta4
getgrav	grav	1.8.0:beta5
getgrav	grav	1.8.0:beta6
getgrav	grav	1.8.0:beta7
getgrav	grav	1.8.0:beta8
getgrav	grav	1.8.0:beta9

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

https://github.com/getgrav/grav/commit/b7e1958a6e807ac14919447b60e5204a2ea77f62

https://github.com/getgrav/grav/security/advisories/GHSA-4cwq-j7jv-qmwg