CVE-2025-66297

high-risk

Published 2025-12-01

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.

Do I need to act?

0.52% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Grav

Affected Vendors

Getgrav

References (2)

Patch https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458

Exploit https://github.com/getgrav/grav/security/advisories/GHSA-858q-77wx-hhx6

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 22/34 · High