CVE-2026-25492
📋 TL;DR
This vulnerability in Craft CMS allows authenticated attackers with permission to use the save_images_Asset GraphQL mutation to bypass hostname validation and fetch internal URLs, potentially retrieving sensitive data like AWS instance metadata credentials. It affects Craft CMS versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21. The issue occurs when non-image file extensions are allowed, bypassing downstream image validation.
💻 Affected Systems
- Craft CMS
📦 What is this software?
Craft Cms by Craftcms
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain AWS instance metadata credentials, leading to cloud environment compromise, data exfiltration, and lateral movement within the infrastructure.
Likely Case
Unauthorized access to internal services and sensitive data from the underlying host, potentially including configuration files, credentials, and internal API responses.
If Mitigated
Limited impact due to proper network segmentation, internal service authentication, and restricted GraphQL mutation permissions.
🎯 Exploit Status
Exploitation requires authenticated access and specific permissions, but the technique is straightforward once those conditions are met.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.16.18 and 5.8.22
Vendor Advisory: https://github.com/craftcms/cms/security/advisories/GHSA-96pq-hxpw-rgh8
Restart Required: Yes
Instructions:
1. Back up your Craft CMS installation and database.
2. Update Craft CMS to version 4.16.18 or 5.8.22 using Composer: composer require craftcms/cms:"^4.16.18" or composer require craftcms/cms:"^5.8.22".
3. Clear caches and restart your web server.
🔧 Temporary Workarounds
Restrict GraphQL Mutation Permissions
Temporarily remove or restrict permissions for the save_images_Asset GraphQL mutation from all user roles.
Block Internal Network Access
Configure network firewall rules to block outbound connections from web servers to internal metadata services and private IP ranges.
🧯 If You Can't Patch
- Implement strict network segmentation to prevent web servers from accessing internal metadata services and sensitive internal endpoints.
- Review and restrict user permissions for GraphQL mutations, particularly save_images_Asset, to only essential administrators.
🔍 How to Verify
Check if Vulnerable:
Check the Craft CMS version in the admin panel or via composer show craftcms/cms. If the version is in 3.5.0 through 4.16.17 or 5.0.0-RC1 through 5.8.21 (both ranges inclusive), the system is vulnerable.
Check Version:
composer show craftcms/cms | grep versions
Verify Fix Applied:
Confirm the version is 4.16.18 or higher for Craft 4, or 5.8.22 or higher for Craft 5. Test that the save_images_Asset mutation rejects URLs whose hostname fails validation instead of fetching them.
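The version check above is easy to get wrong by hand because the Craft 5 range starts at a pre-release (5.0.0-RC1), which Composer orders before 5.0.0. The following is an added helper, not part of the advisory or of Craft CMS, that parses the "versions" line from `composer show craftcms/cms` output and compares the installed version against the two affected ranges stated above. The sample Composer output is constructed; the pre-release ordering (alpha < beta < RC < release) is an assumption that matches Composer's behaviour for these labels.

```python
import re

# Affected ranges as stated in the advisory, inclusive on both ends.
AFFECTED_RANGES = [
    ("3.5.0", "4.16.17"),
    ("5.0.0-RC1", "5.8.21"),
]

# Assumed pre-release ordering: alpha < beta < RC < final release.
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def version_key(v):
    """Turn '5.0.0-RC1', '5.0.0-beta.3' or '4.16.18' into a sortable tuple.

    A final release sorts after every pre-release of the same x.y.z.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d+)?)?", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is None:
        pre = (1, 0, 0)  # final release
    else:
        pre = (0, PRE_RANK.get(m.group(4).lower(), 0), int(m.group(5) or 0))
    return (major, minor, patch, pre)


def is_affected(v):
    """True if version v falls inside either affected range."""
    k = version_key(v)
    return any(version_key(lo) <= k <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def version_from_composer(output):
    """Extract the installed version from `composer show craftcms/cms` output.

    Composer prints the installed version on a line like 'versions : * 4.16.17'.
    """
    for line in output.splitlines():
        if line.strip().startswith("versions"):
            return line.split(":", 1)[1].replace("*", "").strip()
    raise ValueError("no 'versions' line found in composer output")


# Constructed sample of `composer show craftcms/cms` output (not real data).
SAMPLE_OUTPUT = """name     : craftcms/cms
descrip. : Craft CMS
versions : * 4.16.17
"""

if __name__ == "__main__":
    installed = version_from_composer(SAMPLE_OUTPUT)
    status = "AFFECTED" if is_affected(installed) else "not in an affected range"
    print(f"craftcms/cms {installed}: {status}")
```

Pipe the real output in with `composer show craftcms/cms | python3 check.py` after replacing SAMPLE_OUTPUT with `sys.stdin.read()`; the comparison deliberately treats 5.0.0-beta builds as outside the stated range because the advisory starts the Craft 5 range at RC1.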
📡 Detection & Monitoring
Log Indicators:
- GraphQL calls to save_images_Asset whose source URL has a non-image file extension
- Requests from the web server to internal IP addresses or metadata endpoints
Network Indicators:
- Outbound connections from web server to AWS metadata service (169.254.169.254) or internal IP ranges
SIEM Query:
source="web_logs" mutation="save_images_Asset" NOT extension IN ("jpg","png","gif","webp")
(Splunk-style search; the mutation and extension field names depend on how your web logs are parsed. The earlier extension="txt" clause is already covered by the not-an-image-extension condition.)
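The two log indicators above (non-image extension on a save_images_Asset call, and a source URL pointing at an internal host such as 169.254.169.254) can be checked in one pass over parsed web logs. The following detector is an added example, not code from the advisory or from Craft CMS; the JSON log format and its `mutation` and `url` fields are assumptions about how a site's GraphQL access logging is parsed, and the log lines are constructed. It flags literal IP hosts in loopback, link-local and private ranges and does not resolve DNS names, so a hostname that resolves to an internal address would need a separate resolver-side check.

```python
import ipaddress
import json
from posixpath import splitext
from urllib.parse import urlsplit

# Image extensions listed in the advisory's SIEM query.
IMAGE_EXTENSIONS = {"jpg", "png", "gif", "webp"}


def host_is_internal(url):
    """True if the URL's host is 'localhost' or an IP literal in a loopback,
    link-local (169.254.0.0/16 covers the AWS metadata service) or private range.
    DNS names are not resolved here."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal
    return ip.is_loopback or ip.is_link_local or ip.is_private


def inspect(entry):
    """Return the list of indicator strings raised by one parsed log entry."""
    indicators = []
    if entry.get("mutation") != "save_images_Asset":
        return indicators
    url = entry.get("url", "")
    ext = splitext(urlsplit(url).path)[1].lstrip(".").lower()
    if ext not in IMAGE_EXTENSIONS:
        indicators.append("non-image extension: " + (ext or "<none>"))
    if host_is_internal(url):
        indicators.append("internal host: " + urlsplit(url).hostname)
    return indicators


def scan(log_text):
    """Return (timestamp, user, indicators) for every JSON log line that
    raises at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        found = inspect(entry)
        if found:
            hits.append((entry["ts"], entry["user"], found))
    return hits


# Constructed sample log lines (assumed JSON-per-line format, not real traffic).
SAMPLE_LOG = """\
{"ts":"2026-02-01T10:00:01Z","user":"editor","mutation":"save_images_Asset","url":"https://cdn.example.com/photos/team.jpg"}
{"ts":"2026-02-01T10:00:07Z","user":"editor","mutation":"save_images_Asset","url":"http://169.254.169.254/metadata.txt"}
{"ts":"2026-02-01T10:00:09Z","user":"editor","mutation":"save_images_Asset","url":"http://10.0.0.5:8080/config.json"}
{"ts":"2026-02-01T10:00:12Z","user":"admin","mutation":"save_entries_Article","url":""}
"""

if __name__ == "__main__":
    for ts, user, found in scan(SAMPLE_LOG):
        print(f"{ts} user={user}: {'; '.join(found)}")
```

Running it on the sample flags the second and third lines only: the team.jpg fetch is a legitimate image from an external host, and the save_entries_Article call is a different mutation. The two indicators are reported separately so that a non-image extension alone (which may be legitimate when the site allows other asset types) can be triaged at lower priority than a fetch aimed at an internal address.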