CVE-2025-66301 | grav up to 1.8.0-beta.27 POST Request /admin/pages/ page_name improper authorization

A vulnerability categorized as critical has been discovered in grav up to 1.8.0-beta.27. This vulnerability affects unknown code of the file /admin/pages/ of the component POST Request Handler. Such manipulation of the argument page_name leads to improper authorization.

This vulnerability is listed as CVE-2025-66301. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More