CVE-2025-27515

Source
https://cve.org/CVERecord?id=CVE-2025-27515
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27515.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27515
Published
2025-03-05T18:45:50.101Z
Modified
2026-04-10T05:24:07.262014Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Laravel has a File Validation Bypass
Details

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (files.*), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

Database specific
{
    "cwe_ids": [
        "CWE-155"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27515.json",
    "cna_assigner": "GitHub_M"
}

Affected packages

Git / github.com/laravel/framework

Affected ranges

Type
GIT
Repo
https://github.com/laravel/framework
Events
Database specific
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.1.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/laravel/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.44.1"
        }
    ]
}

Affected versions

v11.*
v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v11.0.6
v11.0.7
v11.0.8
v11.1.0
v11.1.1
v11.10.0
v11.11.0
v11.11.1
v11.12.0
v11.13.0
v11.14.0
v11.15.0
v11.16.0
v11.17.0
v11.18.0
v11.18.1
v11.19.0
v11.2.0
v11.20.0
v11.21.0
v11.22.0
v11.23.0
v11.23.1
v11.23.2
v11.23.3
v11.23.4
v11.24.0
v11.24.1
v11.25.0
v11.26.0
v11.27.0
v11.27.1
v11.27.2
v11.28.0
v11.28.1
v11.29.0
v11.3.0
v11.3.1
v11.30.0
v11.31.0
v11.32.0
v11.33.0
v11.33.1
v11.33.2
v11.34.0
v11.34.1
v11.34.2
v11.35.0
v11.35.1
v11.36.0
v11.36.1
v11.37.0
v11.38.0
v11.38.1
v11.38.2
v11.39.0
v11.39.1
v11.4.0
v11.40.0
v11.41.0
v11.41.1
v11.41.2
v11.41.3
v11.42.0
v11.42.1
v11.43.0
v11.43.1
v11.43.2
v11.44.0
v11.5.0
v11.6.0
v11.7.0
v11.8.0
v11.9.0
v11.9.1
v11.9.2
v12.*
v12.0.0
v12.0.1
v12.1.0
v4.*
v4.0.0
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.1.0
v5.*
v5.5.0
v5.5.1
v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.11.0
v8.11.1
v8.11.2
v8.12.0
v8.12.1
v8.12.2
v8.12.3
v8.13.0
v8.14.0
v8.15.0
v8.16.0
v8.17.0
v8.17.1
v8.17.2
v8.2.0
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.7.1
v8.8.0
v8.9.0
v9.*
v9.0.0-beta.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27515.json"