CVE-2025-66300 HIGH

CVE-2025-66300: Grav is vulnerable to Arbitrary File Read

Vendor Getgrav
Product grav
Weakness CWE-22 · Path traversal
Published December 1, 2025
Last update December 2, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

Description

Grav is a file-based web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privileges can read any server file using the "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user passwords, 2FA secrets, and password reset tokens. This can allow an adversary to compromise any registered account, either by triggering a password reset for a user and then reading the reset token from the file, or by cracking the hashed password. This vulnerability is fixed in 1.8.0-beta.27.

Key dates

Disclosure timeline

December 1, 2025 CVE published
December 2, 2025 Record updated