Critical severity · OSV Advisory · Published Dec 15, 2025 · Updated Dec 16, 2025
CVE-2025-66844
Description
In Grav <1.7.49.5, an SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| getgrav/grav (Packagist) | <= 1.7.49.5 | — |
References
- github.com/advisories/GHSA-729w-j79f-2c34 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-66844 (ghsa, ADVISORY)
- github.com/Yohane-Mashiro/grav_cve/issues/2 (ghsa, WEB)