Moderate severity · NVD Advisory · Published Sep 17, 2025 · Updated Sep 17, 2025
Ghost 6.0.6 - SSRF via oEmbed Bookmark
CVE-2025-9862
Description
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ghost (npm) | >= 6.0.0, < 6.0.9 | 6.0.9 |
| ghost (npm) | >= 5.99.0, < 5.130.4 | 5.130.4 |
References
- github.com/TryGhost/Ghost/releases/tag/v6.0.9 (GHSA, patch)
- fluidattacks.com/advisories/regida (GHSA, third-party advisory)
- github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956 (GHSA, vendor advisory)
- github.com/advisories/GHSA-f7qg-xj45-w956 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-9862 (GHSA, advisory)
- github.com/TryGhost/Ghost/commit/01d64c7c0ffbf90cd036195c60ded6d08077d612 (GHSA)
- github.com/TryGhost/Ghost/commit/ffe9d079afa68557c581d224f1ff126e625b06e3 (GHSA)