CVE-2025-64752

low-risk

Published 2025-11-13

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. This issue is fixed in version 1.7.7. The mitigation was to use the proxy for untrusted fetches intended for such purposes. As a workaround, avoid making http/https endpoints available to an instance running Grist that expose credentials or operate without credentials.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Grist-Core

Affected Vendors

Getgrist

References (2)

Release Notes https://github.com/gristlabs/grist-core/releases/tag/v1.7.7

Vendor Advisory https://github.com/gristlabs/grist-core/security/advisories/GHSA-qh95-2qv8-pqx3

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal