CVE-2025-9862

Source
https://cve.org/CVERecord?id=CVE-2025-9862
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9862.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9862
Aliases
Published
2025-09-17T15:02:01.533Z
Modified
2026-07-15T02:17:08.966128390Z
Severity
  • 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator
Summary
Ghost 6.0.6 - SSRF via oEmbed Bookmark
Details

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Database specific
{
    "cna_assigner": "Fluid Attacks",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9862.json",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/tryghost/ghost

Affected ranges

Type
GIT
Repo
https://github.com/tryghost/ghost
Events
Database specific
{
    "cpe": "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "5.99.0"
        },
        {
            "last_affected": "5.130.3"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.8"
        }
    ]
}

Affected versions

v5.*
v5.100.0
v5.101.0
v5.101.4
v5.101.6
v5.102.0
v5.103.0
v5.104.0
v5.105.0
v5.106.0
v5.106.1
v5.107.0
v5.108.0
v5.108.1
v5.109.0
v5.109.3
v5.109.6
v5.110.0
v5.110.2
v5.111.0
v5.112.0
v5.113.0
v5.114.0
v5.115.1
v5.116.0
v5.116.2
v5.117.0
v5.118.0
v5.118.1
v5.119.0
v5.119.2
v5.120.0
v5.120.2
v5.121.0
v5.122.0
v5.125.1
v5.126.0
v5.127.0
v5.127.1
v5.128.0
v5.129.0
v5.129.1
v5.129.2
v5.130.0
v5.130.1
v5.130.3
v5.99.0
v6.*
v6.0.0
v6.0.1
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9862.json"