Grist Core
CVE-2025-64752
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. This issue is fixed in version 1.7.7. The mitigation was to use the proxy for untrusted fetches intended for such purposes. As a workaround, avoid making http/https endpoints available to an instance running Grist that expose credentials or operate without credentials.
AnalysisAI
grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. This issue is fixed in version 1.7.7. The mitigation was to use the proxy for untrusted fetches intended for such purposes. As a workaround, avoid making http/https endpoints available to an instance running Grist that expose credentials or operate without credentials. Affected products include: Getgrist Grist-Core. Version information: version 1.7.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Grist Core
View allGrist spreadsheet software has an injection vulnerability in Python formula execution that allows authenticated users to
Stored and reflected cross-site scripting in Grist (grist-core) before 1.7.15 lets an attacker place a javascript: URL i
Stored and reflected cross-site scripting in Grist (grist-core) prior to 1.7.15 lets a document editor inject script int
grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable
grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable
grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable
Unauthorized schema disclosure in Grist Core prior to 1.7.15 allows any user with partial read access - explicitly inclu
grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today