CVE-2025-9862

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9862

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9862.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9862

Aliases

Published

2025-09-17T15:15:43.937Z

Modified

2026-04-10T05:36:48.635778Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type

GIT

Repo

https://github.com/tryghost/ghost

Events

Introduced

41041f9b9685e81a42f7d09d2058f5e7685fe3d2

Last affected

fcb129f2fb4e00d2df9f06b080e3a8edcd19b30d

Introduced

5b8c97dcb46ae3d552a2f05531723f14c8f806a7

Last affected

9613411e203f8646fd8e78203e0016cd1c8aedc5

Fixed

c076dcc64d4af99dca0ecc380d5f4df04fc2a0fd

Database specific

{
    "versions": [
        {
            "introduced": "5.99.0"
        },
        {
            "last_affected": "5.130.3"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.8"
        }
    ]
}

Affected versions

v5.*

v5.100.0

v5.101.0

v5.101.4

v5.101.6

v5.102.0

v5.103.0

v5.104.0

v5.105.0

v5.106.0

v5.106.1

v5.107.0

v5.108.0

v5.108.1

v5.109.0

v5.109.3

v5.109.6

v5.110.0

v5.110.2

v5.111.0

v5.112.0

v5.113.0

v5.114.0

v5.115.1

v5.116.0

v5.116.2

v5.117.0

v5.118.0

v5.118.1

v5.119.0

v5.119.2

v5.120.0

v5.120.2

v5.121.0

v5.122.0

v5.125.1

v5.126.0

v5.127.0

v5.127.1

v5.128.0

v5.129.0

v5.129.1

v5.129.2

v5.130.0

v5.130.1

v5.130.3

v5.99.0

v6.*

v6.0.0

v6.0.1

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9862.json"