Vulnerabilities

CVE-2025-66844

by Fred · 15/12/2025

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered More information : https://github.com/Yohane-Mashiro/grav_cve/issues/2

Similar

Tags: Cybersecurity Alert