CVE-2025-66305
📋 TL;DR
A Denial of Service vulnerability in Grav's admin panel allows attackers to crash the entire web application by submitting malformed input to the Languages configuration. This affects all Grav installations with admin panel access running versions before 1.8.0-beta.27. The vulnerability causes application-wide failure, making sites completely unavailable.
💻 Affected Systems
- Grav CMS
📦 What is this software?
Grav by Getgrav
⚠️ Risk & Real-World Impact
Worst Case
Complete application outage affecting all users until manual intervention restores service.
Likely Case
Temporary service disruption requiring administrator intervention to restart or patch the application.
If Mitigated
No impact if proper input validation is implemented or the admin panel is not exposed.
🎯 Exploit Status
Exploitation requires admin panel access. Simple malformed input triggers the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.0-beta.27
Vendor Advisory: https://github.com/getgrav/grav/security/advisories/GHSA-m8vh-v6r6-w7p6
Restart Required: Yes
Instructions:
1. Backup your Grav installation.
2. Update to version 1.8.0-beta.27 or later via GPM or manual update.
3. Clear cache.
4. Restart web server.
🔧 Temporary Workarounds
Restrict Admin Panel Access
Limit access to the admin panel to trusted IP addresses only
# Configure web server to restrict /admin path to specific IPs
Disable Admin Panel
Temporarily disable the admin panel if not needed
# Rename or remove the admin plugin folder
🧯 If You Can't Patch
- Implement strict input validation for the Supported parameter in the Languages configuration
- Monitor and restrict access to the /admin/config/system endpoint
🔍 How to Verify
Check if Vulnerable:
Check the Grav version in the admin panel or via the CLI: php bin/grav version
Check Version:
php bin/grav version
Verify Fix Applied:
Confirm the version is 1.8.0-beta.27 or later and test admin panel functionality
📡 Detection & Monitoring
Log Indicators:
- preg_match() errors in PHP logs
- 500 errors on /admin/config/system requests
- Application crash logs
Network Indicators:
- HTTP 500 responses from admin endpoints
- Sudden drop in application availability
SIEM Query:
source="php_error.log" AND "preg_match" AND "admin/config/system"
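The following script is an added example, not part of this advisory or of Grav itself: it applies the two log indicators above (preg_match() errors in the PHP log and HTTP 500 responses on /admin/config/system in the web server access log) to constructed sample lines and reports when both occur together. The log lines, IP addresses and the placeholder path /srv/grav/FILE.php are all made up for the example.

```python
import re
from typing import Dict, List

# Constructed sample log lines for this example (not from the page or a real Grav install);
# the placeholder path /srv/grav/FILE.php stands in for whatever file the real log names.
PHP_ERROR_LOG = """\
[02-Dec-2025 10:14:03 UTC] PHP Warning:  preg_match(): Compilation failed at offset 3 in /srv/grav/FILE.php on line 1
[02-Dec-2025 10:14:03 UTC] PHP Notice:  Undefined index: theme in /srv/grav/FILE.php on line 2
[02-Dec-2025 10:14:05 UTC] PHP Warning:  preg_match(): Compilation failed at offset 3 in /srv/grav/FILE.php on line 1
"""
ACCESS_LOG = """\
203.0.113.7 - - [02/Dec/2025:10:14:03 +0000] "POST /admin/config/system HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.2 - - [02/Dec/2025:10:14:04 +0000] "GET /blog HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2025:10:14:05 +0000] "POST /admin/config/system HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.2 - - [02/Dec/2025:10:14:06 +0000] "GET /admin/config/system HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

# PHP log indicator from the advisory: a preg_match() warning or fatal error.
PREG_MATCH_RE = re.compile(r"PHP (?:Warning|Fatal error):\s+preg_match\(\)")
# Minimal parser for common/combined access-log lines: client IP, method, path, status.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
ADMIN_CONFIG_PATH = "/admin/config/system"


def preg_match_errors(php_log: str) -> List[str]:
    """Return the PHP log lines that report a preg_match() warning or error."""
    return [line for line in php_log.splitlines() if PREG_MATCH_RE.search(line)]


def admin_config_500s(access_log: str) -> List[Dict[str, str]]:
    """Return parsed access-log entries with a 500 status on the admin config endpoint."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m and m["status"] == "500" and m["path"].startswith(ADMIN_CONFIG_PATH):
            hits.append(m.groupdict())
    return hits


def summarize(php_log: str, access_log: str) -> Dict[str, object]:
    """Combine both indicators; 'suspicious' is set only when both are present."""
    errors = preg_match_errors(php_log)
    hits = admin_config_500s(access_log)
    return {
        "preg_match_errors": len(errors),
        "admin_config_500s": len(hits),
        "source_ips": sorted({h["ip"] for h in hits}),
        "suspicious": bool(errors) and bool(hits),
    }
```

Feed it the real PHP error log and access log contents in place of the constructed strings; the source IPs it reports are the ones to compare against your trusted admin allow-list.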