CVE-2025-66304

Опубликовано: 01 дек. 2025

Источник: nvd

CVSS3: 6.2

CVSS3: 7.2

EPSS Низкий

Описание

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.

Ссылки

https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7
Patch
https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85
Exploit
Vendor Advisory
https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*

Версия от 1.7.46 (включая) до 1.8.0 (исключая)

cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*

cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

6.2 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-gq3g-666w-7h85

CVSS3: 6.2

github

2 месяца назад

Grav Exposes Password Hashes Leading to privilege escalation

EPSS

Процентиль: 23%

0.00076

Низкий

6.2 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-200