CVE-2025-66296

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-66296

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66296.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-66296

Aliases

GHSA-cjcp-qxvg-4rjm

Published

2025-12-01T21:03:07.231Z

Modified

2026-04-10T05:34:16.355472Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover

Details

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access. This vulnerability is fixed in 1.8.0-beta.27.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66296.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-266"
    ]
}

References

Affected packages

Git / github.com/getgrav/grav

Affected ranges

Type: GIT
Repo: https://github.com/getgrav/grav
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0f879bd1d44863dfcf77d7cb640dab604a0dcce2

Affected versions

0.*

0.8.0

0.9.0

0.9.10

0.9.11

0.9.12

0.9.13

0.9.14

0.9.15

0.9.16

0.9.17

0.9.18

0.9.19

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

1.*

1.1.0-beta.1

1.1.0-beta.2

1.1.0-beta.3

1.1.0-beta.4

1.1.0-beta.5

1.1.0-rc.1

1.1.0-rc.2

1.1.0-rc.3

1.1.9-rc.1

1.1.9-rc.2

1.1.9-rc.3

1.2.0-rc.1

1.2.0-rc.2

1.2.0-rc.3

1.3.0-rc.1

1.3.0-rc.3

1.3.0-rc.4

1.3.0-rc.5

1.5.0-beta.1

1.5.0-beta.2

1.5.0-rc.1

1.6.0-beta.1

1.6.0-beta.2

1.6.0-beta.5

1.6.0-beta.6

1.6.0-beta.7

1.6.0-beta.8

1.6.0-rc.1

1.6.0-rc.2

1.6.0-rc.3

1.6.0-rc.4

1.7.0-beta.1

1.7.0-beta.10

1.7.0-beta.2

1.7.0-beta.3

1.7.0-beta.4

1.7.0-beta.5

1.7.0-beta.6

1.7.0-beta.7

1.7.0-beta.8

1.7.0-beta.9

1.7.0-rc.1

1.7.0-rc.10

1.7.0-rc.12

1.7.0-rc.13

1.7.0-rc.14

1.7.0-rc.15

1.7.0-rc.17

1.7.0-rc.18

1.7.0-rc.19

1.7.0-rc.2

1.7.0-rc.20

1.7.0-rc.3

1.7.0-rc.4

1.7.0-rc.5

1.7.0-rc.6

1.7.0-rc.7

1.7.0-rc.8

1.7.0-rc.9

1.8.0-beta.1

1.8.0-beta.10

1.8.0-beta.11

1.8.0-beta.12

1.8.0-beta.13

1.8.0-beta.14

1.8.0-beta.15

1.8.0-beta.16

1.8.0-beta.17

1.8.0-beta.18

1.8.0-beta.19

1.8.0-beta.2

1.8.0-beta.20

1.8.0-beta.21

1.8.0-beta.22

1.8.0-beta.23

1.8.0-beta.24

1.8.0-beta.25

1.8.0-beta.26

1.8.0-beta.3

1.8.0-beta.4

1.8.0-beta.5

1.8.0-beta.6

1.8.0-beta.7

1.8.0-beta.8

1.8.0-beta.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66296.json"