CVE-2025-66299: Getgrav Grav SSTI RCE Vulnerability

CVE-2025-66299 Overview

CVE-2025-66299 is a high-severity Server-Side Template Injection (SSTI) vulnerability affecting Grav CMS, a popular file-based Web platform. This vulnerability allows any authenticated user with editor permissions to execute arbitrary code on the remote server by bypassing the existing security sandbox. The flaw exists because the security sandbox does not fully protect the Twig templating engine object, enabling attackers to interact with it through maliciously crafted Twig template directives injected into web pages.

With a CVSS score of 8.8, this vulnerability poses significant risk to organizations running vulnerable Grav CMS installations. An authenticated attacker can leverage this flaw to add arbitrary functions to the system.twig.safe_filters attribute, effectively circumventing the Grav CMS sandbox protections and achieving remote code execution.

Critical Impact

Authenticated editors can bypass the Grav CMS security sandbox and execute arbitrary code on the server, potentially leading to complete system compromise, data exfiltration, and lateral movement within the network.

Affected Products

• Getgrav Grav versions prior to 1.8.0-beta.27
• Getgrav Grav 1.8.0-beta1 through 1.8.0-beta26
• All stable Grav CMS releases before the security patch

Discovery Timeline

• 2025-12-01 - CVE-2025-66299 published to NVD
• 2025-12-03 - Last updated in NVD database

Technical Details for CVE-2025-66299

Vulnerability Analysis

This Server-Side Template Injection vulnerability (CWE-94: Improper Control of Generation of Code) stems from insufficient isolation of the Twig templating engine within Grav CMS's security sandbox. The CVSS:3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates:

• Attack Vector (AV:N): Network-accessible, exploitable remotely
• Attack Complexity (AC:L): Low complexity required for exploitation
• Privileges Required (PR:L): Low privileges (editor permissions) needed
• User Interaction (UI:N): No user interaction required
• Impact: High confidentiality, integrity, and availability impact

The vulnerability affects the Twig object exposure within the CMS, where the security sandbox fails to adequately restrict access to sensitive Twig attributes and methods.

Root Cause

The root cause lies in the incomplete protection of the Twig object within Grav CMS's security sandbox implementation. The sandbox was designed to restrict dangerous operations within Twig templates, but it does not fully isolate the Twig object itself. This oversight allows authenticated users with editor permissions to:

1. Access the Twig object directly through template directives
2. Call methods and read/write attributes on the Twig object
3. Modify the system.twig.safe_filters attribute to include arbitrary functions
4. Execute code through the newly whitelisted functions

Attack Vector

The attack requires network access and authentication with editor-level permissions. An attacker can craft malicious Twig template directives and inject them into web pages through the Grav CMS editor interface. The exploitation flow involves:

1. Authenticating to Grav CMS with editor permissions
2. Accessing a page or content that allows Twig template editing
3. Injecting malicious Twig directives that interact with the Twig object
4. Manipulating system.twig.safe_filters to whitelist dangerous functions
5. Executing arbitrary code through the now-permitted functions

The vulnerability mechanism involves manipulating the Twig templating engine's safe filter list. By accessing the system.twig.safe_filters attribute through crafted template directives, an attacker can add arbitrary PHP functions to the whitelist, such as system, exec, or passthru. Once whitelisted, these functions can be called directly from Twig templates, enabling remote code execution. For detailed technical analysis and proof-of-concept information, see the security advisory.

Detection Methods for CVE-2025-66299

Indicators of Compromise

• Unusual Twig template modifications in page content or theme files
• Suspicious function calls in server logs, particularly involving system, exec, passthru, or similar commands
• Unexpected modifications to Grav CMS configuration files
• New or modified entries in system.twig.safe_filters configuration
• Anomalous outbound network connections from the web server

Detection Strategies

Organizations should implement multi-layered detection approaches:

1. Log Analysis: Monitor Grav CMS and web server logs for unusual template rendering activities or error messages related to Twig processing
2. File Integrity Monitoring: Deploy file integrity monitoring on Grav CMS content directories, particularly user/pages/ and theme template files
3. Web Application Firewall (WAF): Configure WAF rules to detect SSTI payloads targeting Twig templating syntax
4. Behavioral Analysis: Monitor for unexpected process spawning from the web server process, indicative of command execution
5. Network Monitoring: Watch for unusual outbound connections that could indicate post-exploitation activity

Monitoring Recommendations

Security teams should enable verbose logging in Grav CMS and correlate events with endpoint detection and response (EDR) solutions. SentinelOne Singularity provides behavioral AI detection that can identify anomalous process execution patterns resulting from SSTI exploitation, including suspicious child processes spawned by the web server and unexpected script execution. Organizations should also monitor the EPSS probability (currently 0.078% with a 23.747 percentile) for changes indicating increased exploitation likelihood.

How to Mitigate CVE-2025-66299

Immediate Actions Required

• Upgrade Grav CMS to version 1.8.0-beta.27 or later immediately
• Review all user accounts with editor permissions and restrict access to only necessary personnel
• Audit recent page and template modifications for signs of malicious injection
• Implement web application firewall rules to detect and block SSTI payloads
• Enable comprehensive logging and monitoring on Grav CMS installations

Patch Information

The vulnerability is fixed in Grav CMS version 1.8.0-beta.27. The security patch is available via the official GitHub repository at commit e37259527d9c1deb6200f8967197a9fa587c6458. Organizations should update their Grav CMS installations through the standard update process or by applying the patch directly.

To update Grav CMS, use the built-in GPM (Grav Package Manager) or manually update from the GitHub repository. Verify the update was successful by checking the version number in the admin panel.

Workarounds

If immediate patching is not possible, organizations should implement the following temporary mitigations:

1. Restrict Editor Access: Remove editor permissions from all non-essential users until the patch can be applied
2. Network Segmentation: Isolate the Grav CMS server from critical network segments
3. Enhanced Monitoring: Deploy additional monitoring for template modifications and suspicious server activity
4. WAF Rules: Implement strict WAF rules targeting Twig template injection patterns

To restrict editor access temporarily, review user permissions in the Grav admin panel under Accounts and demote users to read-only or author roles that do not allow template editing. Consider disabling the Twig template editing functionality entirely by modifying user/config/system.yaml to restrict page processing options until the upgrade can be completed.