CVE-2025-66304 (GCVE-0-2025-66304)
Vulnerability from cvelistv5 – Published: 2025-12-01 21:40 – Updated: 2025-12-02 20:15
VLAI?
Title
Grav Exposes Password Hashes Leading to privilege escalation
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.
Severity ?
6.2 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66304",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T20:15:09.292478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T20:15:13.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.0-beta.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T21:40:11.511Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
},
{
"name": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7"
}
],
"source": {
"advisory": "GHSA-gq3g-666w-7h85",
"discovery": "UNKNOWN"
},
"title": "Grav Exposes Password Hashes Leading to privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66304",
"datePublished": "2025-12-01T21:40:11.511Z",
"dateReserved": "2025-11-26T23:11:46.395Z",
"dateUpdated": "2025-12-02T20:15:13.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66304\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-01T22:15:50.080\",\"lastModified\":\"2025-12-03T18:57:54.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.7,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-201\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.7.46\",\"versionEndExcluding\":\"1.8.0\",\"matchCriteriaId\":\"A9B3FCDC-ADBD-4023-9AC7-154642622421\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A383F2E-C6BA-440B-B648-A3313B7D91C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*\",\"matchCriteriaId\":\"530C6F64-F30B-4E93-9A12-D9625EA57483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC28BF9-626D-4514-91F0-F81DAB5D3602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*\",\"matchCriteriaId\":\"307AA375-E531-4AE5-BA79-2F9D4DE7A05F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2E3E312-485D-42B0-B465-64B6438CDCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE4B2F9-1B6D-4D18-916A-5C95A3213222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*\",\"matchCriteriaId\":\"763207F0-92D1-4274-A30A-DE634C5852C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DE8F350-BA07-4DAA-AE4B-5E0A532B6828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9150B94-0DF3-43F3-9806-39787A6C0E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAA7C7EC-8FB2-445D-8A02-1743D87F5416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A6BEA2A-D534-4C9E-811A-8A46E214C46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A644F57-FF39-4262-9796-7C4F3B0851C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C5E8823-9083-4FFA-9897-CAD0340DCE68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C048938-E0EC-4AD0-9847-FD74E6770FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B43876-1445-418A-9707-E692FDF62C4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*\",\"matchCriteriaId\":\"94B209DE-01C6-41BA-B912-CF57849A9F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB53AA10-87A5-4010-8019-BF4AA5ABC12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"775E0913-F3EF-4A55-B162-5BF9C6E2E641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3E022E-35CB-40AD-959A-F39949E38BD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8779C813-A81A-4E21-AB86-6193933568BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B608EDD4-207A-41A7-A60D-496FDA8EAFEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1F2253-3EE0-4ADD-B8A5-C882A60FC626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D4C859-5560-42F1-ACD9-65210E523F28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"156707A7-9507-4AC1-9CD0-90E32836E9DF\"}]}]}],\"references\":[{\"url\":\"https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66304\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T20:15:09.292478Z\"}}}], \"references\": [{\"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T20:15:02.820Z\"}}], \"cna\": {\"title\": \"Grav Exposes Password Hashes Leading to privilege escalation\", \"source\": {\"advisory\": \"GHSA-gq3g-666w-7h85\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"getgrav\", \"product\": \"grav\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.0-beta.27\"}]}], \"references\": [{\"url\": \"https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85\", \"name\": \"https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7\", \"name\": \"https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-201\", \"description\": \"CWE-201: Insertion of Sensitive Information Into Sent Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-01T21:40:11.511Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66304\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-02T20:15:13.071Z\", \"dateReserved\": \"2025-11-26T23:11:46.395Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-01T21:40:11.511Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-66304
Vulnerability from fkie_nvd - Published: 2025-12-01 22:15 - Updated: 2025-12-03 18:57
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getgrav | grav | * | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 | |
| getgrav | grav | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B3FCDC-ADBD-4023-9AC7-154642622421",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "1.7.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8A383F2E-C6BA-440B-B648-A3313B7D91C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "530C6F64-F30B-4E93-9A12-D9625EA57483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9AC28BF9-626D-4514-91F0-F81DAB5D3602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "307AA375-E531-4AE5-BA79-2F9D4DE7A05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "C2E3E312-485D-42B0-B465-64B6438CDCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B2F9-1B6D-4D18-916A-5C95A3213222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "763207F0-92D1-4274-A30A-DE634C5852C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "1DE8F350-BA07-4DAA-AE4B-5E0A532B6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "F9150B94-0DF3-43F3-9806-39787A6C0E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "BAA7C7EC-8FB2-445D-8A02-1743D87F5416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7A6BEA2A-D534-4C9E-811A-8A46E214C46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "7A644F57-FF39-4262-9796-7C4F3B0851C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "5C5E8823-9083-4FFA-9897-CAD0340DCE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "9C048938-E0EC-4AD0-9847-FD74E6770FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F7B43876-1445-418A-9707-E692FDF62C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "94B209DE-01C6-41BA-B912-CF57849A9F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*",
"matchCriteriaId": "AB53AA10-87A5-4010-8019-BF4AA5ABC12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "775E0913-F3EF-4A55-B162-5BF9C6E2E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3C3E022E-35CB-40AD-959A-F39949E38BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8779C813-A81A-4E21-AB86-6193933568BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B608EDD4-207A-41A7-A60D-496FDA8EAFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2253-3EE0-4ADD-B8A5-C882A60FC626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "81D4C859-5560-42F1-ACD9-65210E523F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "156707A7-9507-4AC1-9CD0-90E32836E9DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27."
}
],
"id": "CVE-2025-66304",
"lastModified": "2025-12-03T18:57:54.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-12-01T22:15:50.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-201"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CNVD-2025-30338
Vulnerability from cnvd - Published: 2025-12-09
VLAI Severity ?
Title
Grav权限提升漏洞
Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。
Grav存在权限提升漏洞,该漏洞源于密码哈希泄露,攻击者可利用该漏洞导致权限提升。
Severity
中
Patch Name
Grav权限提升漏洞的补丁
Patch Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。
Grav存在权限提升漏洞,该漏洞源于密码哈希泄露,攻击者可利用该漏洞导致权限提升。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://getgrav.org/downloads
Reference
https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7
Impacted products
| Name | Grav Grav <1.8.0-beta.27 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-66304",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-66304"
}
},
"description": "Grav\u662f\u4e00\u5957\u53ef\u6269\u5c55\u7684\u7528\u4e8e\u4e2a\u4eba\u535a\u5ba2\u3001\u5c0f\u578b\u5185\u5bb9\u53d1\u5e03\u5e73\u53f0\u548c\u5355\u9875\u4ea7\u54c1\u5c55\u793a\u7684CMS\uff08\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff09\u3002\n\nGrav\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u54c8\u5e0c\u6cc4\u9732\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://getgrav.org/downloads",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-30338",
"openTime": "2025-12-09",
"patchDescription": "Grav\u662f\u4e00\u5957\u53ef\u6269\u5c55\u7684\u7528\u4e8e\u4e2a\u4eba\u535a\u5ba2\u3001\u5c0f\u578b\u5185\u5bb9\u53d1\u5e03\u5e73\u53f0\u548c\u5355\u9875\u4ea7\u54c1\u5c55\u793a\u7684CMS\uff08\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff09\u3002\r\n\r\nGrav\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u54c8\u5e0c\u6cc4\u9732\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Grav\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Grav Grav \u003c1.8.0-beta.27"
},
"referenceLink": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7",
"serverity": "\u4e2d",
"submitTime": "2025-12-03",
"title": "Grav\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
GHSA-GQ3G-666W-7H85
Vulnerability from github – Published: 2025-12-02 00:37 – Updated: 2025-12-02 00:37
VLAI?
Summary
Grav Exposes Password Hashes Leading to privilege escalation
Details
Exposure of Password Hashes Leading to privilege escalation
Severity Rating: Medium
Vector: Privilege Escalation
CVE: XXX
CWE: 200 - Exposure of Sensitive Information
CVSS Score: 6.2
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Analysis
It was observed that if a users is given read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes.
An attacker with read access can: * View and potentially crack the password hashes. * Gain administrative access by cracking the admin password hash. * Escalate privileges and compromise the entire admin panel.
Proof of Concept
1) Give read access to user accounts to a random user as shown in the following figures:
2) Log in to the admin panel with an account that has read access to user accounts and navigate to the user account management section.
3) Go to the admin profile http://127.0.0.1/admin/accounts/users/admin; The password is not display. Try inspecting the page source code as shown in the following figures:
You can see that it match the hash that is in the admin.yaml file :
4) Crack the hash as shown in the following figure, the algorithm use here is bcrypt:
Workarounds
No workaround is currently known
Timeline
2024-07-24 Issue identified
2024-09-27 Vendor contacted
About X41 D-Sec GmbH
X41 is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.
Fields of expertise in the area of application security are security centered code reviews, binary reverse engineering and vulnerability discovery. Custom research and IT security consulting and support services are core competencies of X41.
Severity ?
6.2 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getgrav/grav"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0-beta.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66304"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-201"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T00:37:07Z",
"nvd_published_at": "2025-12-01T22:15:50Z",
"severity": "MODERATE"
},
"details": "# Exposure of Password Hashes Leading to privilege escalation\n**Severity Rating:** Medium \n\n**Vector:** Privilege Escalation\n\n**CVE:** XXX\n\n**CWE:** 200 - Exposure of Sensitive Information\n\n**CVSS Score:** 6.2\n\n**CVSS Vector:** CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L\n\n## Analysis\n\nIt was observed that if a users is given read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes.\n\nAn attacker with read access can: \n* View and potentially crack the password hashes.\n* Gain administrative access by cracking the admin password hash.\n* Escalate privileges and compromise the entire admin panel.\n\n\n## Proof of Concept\n\n1) Give read access to user accounts to a random user as shown in the following figures:\n \n \n \n\n2) Log in to the admin panel with an account that has read access to user accounts and navigate to the user account management section.\n\n3) Go to the admin profile `http://127.0.0.1/admin/accounts/users/admin`; The password is not display. Try inspecting the page source code as shown in the following figures:\n \n \n You can see that it match the hash that is in the admin.yaml file :\n \n \n\n4) Crack the hash as shown in the following figure, the algorithm use here is bcrypt:\n \n\n \n\n## Workarounds\nNo workaround is currently known\n\n# Timeline\n**2024-07-24** Issue identified\n\n**2024-09-27** Vendor contacted\n\n\n# About X41 D-Sec GmbH\nX41 is an expert provider for application security services.\nHaving extensive industry experience and expertise in the area of information\nsecurity, a strong core security team of world class security experts enables\nX41 to perform premium security services.\n\nFields of expertise in the area of application security are security centered\ncode reviews, binary reverse engineering and vulnerability discovery.\nCustom research and IT security consulting and support services are core\ncompetencies of X41.",
"id": "GHSA-gq3g-666w-7h85",
"modified": "2025-12-02T00:37:07Z",
"published": "2025-12-02T00:37:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66304"
},
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7"
},
{
"type": "PACKAGE",
"url": "https://github.com/getgrav/grav"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Grav Exposes Password Hashes Leading to privilege escalation"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…