{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T17:16:25.945","vulnerabilities":[{"cve":{"id":"CVE-2025-66305","sourceIdentifier":"security-advisories@github.com","published":"2025-12-01T22:15:50.250","lastModified":"2025-12-03T18:50:11.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the \"Languages\" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server. This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in an error. Once triggered, the site becomes completely unavailable to all users. This vulnerability is fixed in 1.8.0-beta.27."},{"lang":"es","value":"Grav es una plataforma web basada en archivos. Versiones anteriores a la 1.8.0-beta.27, se identificó una vulnerabilidad de denegación de servicio (DoS) en el submenú 'Idiomas' del panel de configuración de administración de Grav (/admin/config/system). Específicamente, el parámetro Supported no valida correctamente la entrada del usuario. Si se inserta un valor malformado —como una sola barra inclinada (/) o una cadena de prueba XSS—, provoca un error fatal de análisis de expresión regular en el servidor. Esto conduce a una falla en toda la aplicación debido al uso de la función preg_match() con una expresión regular construida incorrectamente, lo que resulta en un error. Una vez activado, el sitio queda completamente no disponible para todos los usuarios. Esta vulnerabilidad se corrige en la 1.8.0-beta.27."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*","versionStartIncluding":"1.7.48","versionEndExcluding":"1.8.0","matchCriteriaId":"EAC8A2F1-9318-4224-9CF5-D3EFE16E81F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*","matchCriteriaId":"8A383F2E-C6BA-440B-B648-A3313B7D91C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*","matchCriteriaId":"F7EF2DEC-2798-4D0D-9C27-0F01BAFEAEFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*","matchCriteriaId":"530C6F64-F30B-4E93-9A12-D9625EA57483"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*","matchCriteriaId":"9AC28BF9-626D-4514-91F0-F81DAB5D3602"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*","matchCriteriaId":"307AA375-E531-4AE5-BA79-2F9D4DE7A05F"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*","matchCriteriaId":"C2E3E312-485D-42B0-B465-64B6438CDCAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*","matchCriteriaId":"5BE4B2F9-1B6D-4D18-916A-5C95A3213222"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*","matchCriteriaId":"763207F0-92D1-4274-A30A-DE634C5852C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*","matchCriteriaId":"1DE8F350-BA07-4DAA-AE4B-5E0A532B6828"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*","matchCriteriaId":"F9150B94-0DF3-43F3-9806-39787A6C0E4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*","matchCriteriaId":"BAA7C7EC-8FB2-445D-8A02-1743D87F5416"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*","matchCriteriaId":"7A6BEA2A-D534-4C9E-811A-8A46E214C46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*","matchCriteriaId":"7A644F57-FF39-4262-9796-7C4F3B0851C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*","matchCriteriaId":"B2AFB9E7-084E-497B-B0FC-CA6A5033C5BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*","matchCriteriaId":"5C5E8823-9083-4FFA-9897-CAD0340DCE68"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*","matchCriteriaId":"9C048938-E0EC-4AD0-9847-FD74E6770FE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*","matchCriteriaId":"F7B43876-1445-418A-9707-E692FDF62C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*","matchCriteriaId":"94B209DE-01C6-41BA-B912-CF57849A9F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*","matchCriteriaId":"AB53AA10-87A5-4010-8019-BF4AA5ABC12B"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*","matchCriteriaId":"775E0913-F3EF-4A55-B162-5BF9C6E2E641"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*","matchCriteriaId":"3C3E022E-35CB-40AD-959A-F39949E38BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*","matchCriteriaId":"8779C813-A81A-4E21-AB86-6193933568BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*","matchCriteriaId":"B608EDD4-207A-41A7-A60D-496FDA8EAFEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*","matchCriteriaId":"AE1F2253-3EE0-4ADD-B8A5-C882A60FC626"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*","matchCriteriaId":"81D4C859-5560-42F1-ACD9-65210E523F28"},{"vulnerable":true,"criteria":"cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*","matchCriteriaId":"156707A7-9507-4AC1-9CD0-90E32836E9DF"}]}]}],"references":[{"url":"https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}