CVE-2025-66295 | grav up to 1.8.0-beta.27 YAML File Parser /Nijat email/fullname/twofa_secret/hashed_password path traversal (GHSA-h756-wh59-hhjv)

A vulnerability was found in grav up to 1.8.0-beta.27. It has been declared as critical. This issue affects some unknown processing of the file /Nijat of the component YAML File Parser. Such manipulation of the argument email/fullname/twofa_secret/hashed_password leads to path traversal.

This vulnerability is referenced as CVE-2025-66295. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More