CVE-2025-66299 Overview
CVE-2025-66299 is a Server-Side Template Injection (SSTI) vulnerability in Grav CMS, a file-based web platform developed by Getgrav. The flaw affects all Grav versions prior to 1.8.0-beta.27. An authenticated user with editor permissions can inject malicious Twig template directives that interact with the Twig object, bypassing the existing security sandbox. The attacker can write to the system.twig.safe_filters attribute and register arbitrary functions, leading to remote code execution on the underlying server. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code).
Critical Impact
Authenticated editors can bypass the Grav security sandbox via Twig SSTI and execute arbitrary code on the host, compromising confidentiality, integrity, and availability of the web platform.
Affected Products
- Getgrav Grav versions prior to 1.8.0-beta.27
- All Grav 1.8.0 beta releases from beta1 through beta26
- Grav CMS instances exposing editor-role accounts to untrusted users
Discovery Timeline
- 2025-12-01 - CVE-2025-66299 published to NVD
- 2025-12-03 - Last updated in NVD database
Technical Details for CVE-2025-66299
Vulnerability Analysis
Grav CMS uses the Twig templating engine to render page content. To prevent template-based attacks, Grav enforces a security sandbox that restricts which filters, functions, and objects can be invoked from authored templates. The sandbox, however, does not fully isolate the Twig object itself. An attacker with editor permissions can craft Twig directives inside page content that reach the Twig object, call its methods, and read or write its attributes. By writing to system.twig.safe_filters, the attacker adds arbitrary PHP functions to the allowlist, effectively neutralizing the sandbox and enabling arbitrary code execution on the server.
Root Cause
The root cause is incomplete sandbox coverage in the Twig integration layer. The Twig object remains reachable from rendered templates, and its attribute mutators are not protected against writes from sandboxed contexts. This allows authenticated editors to mutate runtime configuration that controls which filters Twig considers safe, defeating the input validation the sandbox is intended to provide.
Attack Vector
Exploitation requires network access to the Grav web interface and an authenticated session with editor privileges. The attacker submits a page or content payload containing malicious Twig directives. When Grav renders the content, the directives execute against the unprotected Twig object, mutate system.twig.safe_filters, and chain into execution of attacker-supplied PHP functions. No user interaction is required beyond the attacker's own authenticated requests.
No public proof-of-concept code is available at this time. Technical specifics are documented in the GitHub Security Advisory GHSA-gjc5-8cfh-653x and the upstream fix commit e372595.
Detection Methods for CVE-2025-66299
Indicators of Compromise
- Page content, frontmatter, or Twig templates containing references to system.twig.safe_filters, _self, or unusual attribute accessors on the Twig object
- New or unexpected entries in the Grav configuration file system.yaml under twig.safe_filters
- Web server processes spawning unexpected child processes such as sh, bash, php -r, or network utilities under the PHP-FPM or web server user
- Outbound network connections originating from the web server immediately following content edits by editor accounts
Detection Strategies
- Audit Grav page content and the user/config/system.yaml file for unsanctioned Twig directives or modifications to safe_filters
- Review web server access logs for POST requests to admin save endpoints correlated with subsequent anomalous process activity
- Enable application-level logging of Twig rendering errors and sandbox security exceptions
Monitoring Recommendations
- Monitor authenticated editor sessions for content submissions containing Twig syntax such as {{, }}, and attribute() calls referencing system objects
- Alert on PHP processes invoking shell interpreters, file-system writes outside the Grav user directory, or unexpected outbound connections
- Track changes to the Grav installation directory and configuration files using file integrity monitoring
How to Mitigate CVE-2025-66299
Immediate Actions Required
- Upgrade Grav CMS to version 1.8.0-beta.27 or later, which contains the fix committed in e37259527d9c1deb6200f8967197a9fa587c6458
- Audit all accounts with editor permissions and revoke access from users who do not require content authoring rights
- Review existing page content and system.yaml for unauthorized Twig directives or safe_filters additions and revert any unexpected changes
- Rotate credentials for editor accounts and any secrets accessible from the web server filesystem if compromise is suspected
Patch Information
The vendor fixed CVE-2025-66299 in Grav 1.8.0-beta.27. The patch is published in the upstream repository as commit e37259527d9c1deb6200f8967197a9fa587c6458. Administrators should consult the GitHub Security Advisory GHSA-gjc5-8cfh-653x for the full vendor write-up and verify their deployment after upgrading.
Workarounds
- Restrict the editor role to fully trusted users until the upgrade is applied
- Place the Grav admin interface behind network-level access controls such as VPN or IP allowlisting to limit exposure
- Deploy a web application firewall rule to inspect content submissions for Twig directives referencing safe_filters or attribute writes on system objects
# Upgrade Grav to a patched release
cd /path/to/grav
bin/gpm selfupgrade
# Verify the running version is 1.8.0-beta.27 or later
bin/grav --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
