Overview
CVE-2025-66312 is a Stored Cross-Site Scripting (XSS) vulnerability found in the Admin plugin for Grav CMS, a flat-file content management system. This vulnerability affects versions prior to 1.11.0-beta.1. The Admin plugin provides a user-friendly HTML interface for configuring Grav and managing content. Successful exploitation of this vulnerability allows attackers to inject malicious JavaScript code that will be stored on the server and executed in the browsers of other users who access the affected pages.
Technical Details
The vulnerability exists within the /admin/accounts/groups/Grupo endpoint of the Grav Admin plugin. Specifically, the data[readableName] parameter is susceptible to Stored XSS: an attacker can submit script content in this parameter, and the value is persisted server-side in Grav's configuration files (Grav is a flat-file CMS; there is no database). When a user views the group details or related pages within the Grav admin panel, the stored script is rendered into the page and executed in that user's browser, potentially allowing the attacker to perform actions on behalf of the user, steal sensitive information, or deface the website.
CVSS Analysis
As of this writing, a CVSS score and severity rating have not been formally assigned to CVE-2025-66312 by NVD or other official sources. However, given the nature of a Stored XSS vulnerability, it is likely to be rated as medium to high severity depending on the scope of impact and attack complexity. Because the payload is persisted, a stored XSS executes every time an affected admin page is viewed, with no crafted link required, which makes it a path to persistent compromise.
Possible Impact
Exploitation of this Stored XSS vulnerability could have significant consequences:
- Account Takeover: An attacker could potentially steal administrator cookies or credentials, leading to complete control of the Grav CMS installation.
- Website Defacement: Malicious scripts could modify the content and appearance of the website, damaging its reputation.
- Malware Distribution: The injected scripts could redirect users to malicious websites or initiate downloads of malware.
- Data Theft: Sensitive data stored within the Grav CMS installation or accessed through the administrator panel could be compromised.
Mitigation or Patch Steps
The vulnerability has been fixed in Grav Admin plugin version 1.11.0-beta.1. To mitigate this risk, immediately update your Grav installation to the latest version, including the Admin plugin.
- Update Grav and Admin Plugin: The most effective solution is to update your Grav installation, specifically the Admin plugin, to version 1.11.0-beta.1 or later. This version contains the necessary security patch to address the XSS vulnerability.
- Verify Update: After updating, confirm that the Admin plugin version is indeed 1.11.0-beta.1 or higher.
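The following is an added example, not code from the advisory or from the Grav project. It shows the rendering pattern behind a stored XSS in a display-name field like data[readableName] beside the output-encoded form, an allowlist check for the input side, and a scan that flags stored group names carrying markup on a site that ran an unpatched Admin plugin. The group layout and field names are constructed to mirror the advisory's parameter; the exact on-disk format of Grav's group config is an assumption.

```python
import html
import re

# Constructed sample of group definitions. The dict shape is an assumption
# that mirrors the data[readableName] parameter named in the advisory.
SAMPLE_GROUPS = {
    "editors": {"readableName": "Editors", "description": "Can edit pages"},
    "Grupo": {"readableName": "<script>alert(1)</script>", "description": ""},
}

# Tag openers, javascript: URLs and inline event handlers have no place
# in a human-readable group label.
MARKUP_RE = re.compile(r"<\s*/?[a-z!?]|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Allowlist for display names: word characters, spaces, dots and hyphens,
# nothing that can open a tag or an attribute.
ALLOWED_NAME_RE = re.compile(r"^[\w .\-]{1,64}$")


def render_row_unescaped(group: dict) -> str:
    """Vulnerable pattern: the stored readableName is interpolated into the
    admin page's HTML verbatim, so stored markup becomes live markup."""
    return f"<td>{group['readableName']}</td>"


def render_row(group: dict) -> str:
    """Hardened pattern: HTML-encode the stored value at output time. For
    stored XSS this is the fix that matters, because the value reaches the
    template from storage rather than from the current request."""
    return f"<td>{html.escape(group['readableName'], quote=True)}</td>"


def validate_readable_name(name: str) -> bool:
    """Input-side defence in depth: reject names outside the allowlist."""
    return ALLOWED_NAME_RE.fullmatch(name) is not None


def find_suspicious_groups(groups: dict) -> list[str]:
    """Detection: ids of groups whose stored readableName carries markup."""
    return [gid for gid, g in groups.items()
            if MARKUP_RE.search(g.get("readableName", ""))]


if __name__ == "__main__":
    for gid, group in SAMPLE_GROUPS.items():
        print(gid, "unescaped:", render_row_unescaped(group))
        print(gid, "escaped:  ", render_row(group))
    print("suspicious groups:", find_suspicious_groups(SAMPLE_GROUPS))
```

Run the scan against the real group configuration after updating; the patch stops new injections but does not clean up values that were stored while the plugin was vulnerable.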
References
Grav Admin Plugin Commit (Fix): github.com
Grav Security Advisory: GHSA-rmw5-f87r-w988: github.com
