CVE-2025-66304 — MEDIUM (6.2)

Q: How severe is CVE-2025-66304?

CVE-2025-66304 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66304?

Check the references section above for vendor advisories and patch information. Affected products include: Getgrav Grav.

Vulnerability Description

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privilege escalation if an attacker can crack these password hashes. This vulnerability is fixed in 1.8.0-beta.27.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Getgrav	Grav	>= 1.7.46, < 1.8.0

Related Weaknesses (CWE)

CWE-201 CWE-200

References

https://github.com/getgrav/grav/commit/9d11094e4133f059688fad1e00dbe96fb6e3ead7Patch
https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85ExploitVendor Advisory
https://github.com/getgrav/grav/security/advisories/GHSA-gq3g-666w-7h85ExploitVendor Advisory

FAQ

What is CVE-2025-66304?

CVE-2025-66304 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the adm...

How severe is CVE-2025-66304?

CVE-2025-66304 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66304?

Check the references section above for vendor advisories and patch information. Affected products include: Getgrav Grav.