CVE-2025-66306 | grav up to 1.8.0-beta.27 authorization (GHSA-4cwq-j7jv-qmwg)

December 1, 2025 Yanac

A vulnerability, which was classified as problematic, has been found in grav up to 1.8.0-beta.27. This affects an unknown part. The manipulation leads to authorization bypass.

This vulnerability is traded as CVE-2025-66306. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2025-13837 | Python CPython up to 3.14.x Plistlib resource consumption (ID 119342)
CVE-2025-66305 | grav up to 1.8.0-beta.27 /admin/config/system uncaught exception (GHSA-m8vh-v6r6-w7p6)