CVE-2025-66307 | grav up to 1.10.x Admin Plugin /admin/forgot observable response discrepancy (GHSA-q3qx-cp62-f6m7)

A vulnerability described as problematic has been identified in grav up to 1.10.x. Affected is an unknown function of the file /admin/forgot of the component Admin Plugin. Such manipulation leads to observable response discrepancy.

This vulnerability is documented as CVE-2025-66307. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More