CVE-2025-66844

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

Published Dec 16, 2025

https://github.com/advisories/GHSA-729w-j79f-2c34

CVSS ScoreCritical

9.1

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-66844

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

Published Dec 16, 2025

https://github.com/advisories/GHSA-729w-j79f-2c34

CVSS ScoreCritical

9.1


composer	getgrav/grav	0.8.0
composer	getgrav/grav	0.9.0
composer	getgrav/grav	0.9.10
composer	getgrav/grav	0.9.11
composer	getgrav/grav	0.9.12
composer	getgrav/grav	0.9.13
composer	getgrav/grav	0.9.14
composer	getgrav/grav	0.9.15
composer	getgrav/grav	0.9.16
composer	getgrav/grav	0.9.17
composer	getgrav/grav	0.9.18
composer	getgrav/grav	0.9.19
composer	getgrav/grav	0.9.1
composer	getgrav/grav	0.9.20
composer	getgrav/grav	0.9.21
composer	getgrav/grav	0.9.22
composer	getgrav/grav	0.9.23
composer	getgrav/grav	0.9.24
composer	getgrav/grav	0.9.25
composer	getgrav/grav	0.9.26
composer	getgrav/grav	0.9.27
composer	getgrav/grav	0.9.28
composer	getgrav/grav	0.9.29
composer	getgrav/grav	0.9.2
composer	getgrav/grav	0.9.30
composer	getgrav/grav	0.9.31
composer	getgrav/grav	0.9.32
composer	getgrav/grav	0.9.33
composer	getgrav/grav	0.9.34
composer	getgrav/grav	0.9.35
composer	getgrav/grav	0.9.36
composer	getgrav/grav	0.9.37
composer	getgrav/grav	0.9.38
composer	getgrav/grav	0.9.39
composer	getgrav/grav	0.9.3
composer	getgrav/grav	0.9.40
composer	getgrav/grav	0.9.41
composer	getgrav/grav	0.9.42
composer	getgrav/grav	0.9.43
composer	getgrav/grav	0.9.44
composer	getgrav/grav	0.9.45
composer	getgrav/grav	0.9.4
composer	getgrav/grav	0.9.5
composer	getgrav/grav	0.9.6
composer	getgrav/grav	0.9.7
composer	getgrav/grav	0.9.8
composer	getgrav/grav	0.9.9
composer	getgrav/grav	1.0.0-rc.1
composer	getgrav/grav	1.0.0-rc.2
composer	getgrav/grav	1.0.0-rc.3

Ecosystem	Package	Version


composer	getgrav/grav	0.8.0
composer	getgrav/grav	0.9.0
composer	getgrav/grav	0.9.10
composer	getgrav/grav	0.9.11
composer	getgrav/grav	0.9.12
composer	getgrav/grav	0.9.13
composer	getgrav/grav	0.9.14
composer	getgrav/grav	0.9.15
composer	getgrav/grav	0.9.16
composer	getgrav/grav	0.9.17
composer	getgrav/grav	0.9.18
composer	getgrav/grav	0.9.19
composer	getgrav/grav	0.9.1
composer	getgrav/grav	0.9.20
composer	getgrav/grav	0.9.21
composer	getgrav/grav	0.9.22
composer	getgrav/grav	0.9.23
composer	getgrav/grav	0.9.24
composer	getgrav/grav	0.9.25
composer	getgrav/grav	0.9.26
composer	getgrav/grav	0.9.27
composer	getgrav/grav	0.9.28
composer	getgrav/grav	0.9.29
composer	getgrav/grav	0.9.2
composer	getgrav/grav	0.9.30
composer	getgrav/grav	0.9.31
composer	getgrav/grav	0.9.32
composer	getgrav/grav	0.9.33
composer	getgrav/grav	0.9.34
composer	getgrav/grav	0.9.35
composer	getgrav/grav	0.9.36
composer	getgrav/grav	0.9.37
composer	getgrav/grav	0.9.38
composer	getgrav/grav	0.9.39
composer	getgrav/grav	0.9.3
composer	getgrav/grav	0.9.40
composer	getgrav/grav	0.9.41
composer	getgrav/grav	0.9.42
composer	getgrav/grav	0.9.43
composer	getgrav/grav	0.9.44
composer	getgrav/grav	0.9.45
composer	getgrav/grav	0.9.4
composer	getgrav/grav	0.9.5
composer	getgrav/grav	0.9.6
composer	getgrav/grav	0.9.7
composer	getgrav/grav	0.9.8
composer	getgrav/grav	0.9.9
composer	getgrav/grav	1.0.0-rc.1
composer	getgrav/grav	1.0.0-rc.2
composer	getgrav/grav	1.0.0-rc.3

Find vulnerabilities. Fix fast with AI.

CVE-2025-66844

CVE-2025-66844