CVE-2025-66294 | grav up to 1.8.0-beta.27 cleanDangerousTwig code injection (GHSA-662m-56v4-3r8f)

December 1, 2025 Yanac

A vulnerability was found in grav up to 1.8.0-beta.27. It has been rated as critical. This affects the function cleanDangerousTwig. This manipulation causes code injection.

This vulnerability is tracked as CVE-2025-66294. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More

CVE-2025-66301 | grav up to 1.8.0-beta.27 POST Request /admin/pages/ page_name improper authorization
CVE-2025-55749 | XWiki xwiki-platform up to 16.10.10/17.4.3/17.6.x XJetty webapp/ access control (GHSA-53gx-j3p6-2rw9)