What is the CVSS score of CVE-2025-66297?

CVE-2025-66297 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Grav are affected by CVE-2025-66297?

Grav CMS instances running versions prior to 1.8.0-beta.27 are vulnerable to privilege escalation and remote code execution if admin users with page editing permissions are compromised or act…. A patch is available.

Is there a public PoC exploit available for CVE-2025-66297?

Yes, a public proof-of-concept exploit is available for CVE-2025-66297. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-66297?

Within 24 hours: Identify all Grav CMS instances in your environment and determine their versions. Within 7 days: Apply the 1.8.0-beta.27 patch or later to all affected systems, prioritizing production environments. Within 30 days: Conduct a security audit of admin account activities and page modifications made during the vulnerability window; review access logs for suspicious Twig expressions in page frontmatter.

Grav CVE-2025-66297

EUVD-2025-200078 HIGH

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

2025-12-01 security-advisories@github.com

GHSA-858q-77wx-hhx6

Privilege Escalation RCE Grav

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200078

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

Patch released

Mar 15, 2026 - 13:34 nvd

Patch available

PoC Detected

Dec 03, 2025 - 15:58 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 21:15 nvd

HIGH 8.8

DescriptionGitHub Advisory

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.

Analysis

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication.

RemediationAI

A vendor patch is available — apply it immediately. Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

CVE-2025-66297 vulnerability details – vuln.today

Back

Grav CVE-2025-66297

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code