CVE-2025-68437: Craft CMS GraphQL SSRF Vulnerability

CVE-2025-68437 Overview

CVE-2025-68437 is a Server-Side Request Forgery (SSRF) vulnerability affecting Craft CMS, a popular platform for creating digital experiences. The vulnerability exists in the GraphQL save_<VolumeName>_Asset mutation, where the _file input's url parameter allows the server to fetch content from arbitrary remote locations without proper validation.

Attackers with specific GraphQL permissions for asset management can exploit this flaw by providing internal IP addresses or cloud metadata endpoints as the URL parameter. The server then makes requests to these restricted services, and the fetched content is saved as an asset that can be accessed and exfiltrated, potentially leading to data exposure and infrastructure compromise.

Critical Impact

Authenticated attackers can leverage the GraphQL API to access internal services, cloud metadata endpoints (such as AWS IMDSv1), and other restricted network resources, potentially exposing sensitive credentials, configuration data, and internal infrastructure information.

Affected Products

• Craft CMS versions 5.0.0-RC1 through 5.8.20
• Craft CMS versions 4.0.0-RC1 through 4.16.16

Discovery Timeline

• 2026-01-05 - CVE CVE-2025-68437 published to NVD
• 2026-01-08 - Last updated in NVD database

Technical Details for CVE-2025-68437

Vulnerability Analysis

This SSRF vulnerability (CWE-918) exists in the Craft CMS GraphQL asset mutation handler. The root issue lies in the insufficient validation of user-supplied URLs in the _file input parameter of the save_<VolumeName>_Asset GraphQL mutation.

When processing asset uploads via URL, the application fetches content from the provided URL without verifying whether the hostname resolves to an internal or restricted IP address. This allows attackers to abuse the server as a proxy to access internal network resources, cloud provider metadata services (e.g., http://169.254.169.254/), or other services that should not be externally accessible.

The vulnerability requires the attacker to have GraphQL permissions for asset management within the targeted volume, which limits exploitation to authenticated users with specific privileges.

Root Cause

The vulnerability stems from a lack of hostname validation in the asset upload functionality. Prior to the patch, the code accepted any URL without checking whether the hostname was a valid domain name or an IP address. This allowed attackers to supply URLs pointing to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8) or cloud metadata endpoints.

Attack Vector

The attack is network-based and requires authentication with GraphQL asset management permissions. An attacker can craft a malicious GraphQL mutation that specifies an internal URL in the _file.url parameter. The server processes this request, fetches the content from the internal resource, saves it as an asset, and makes it accessible to the attacker.

Typical attack scenarios include:

1. Cloud Metadata Harvesting: Accessing cloud provider metadata endpoints to retrieve instance credentials, API keys, or configuration data
2. Internal Service Enumeration: Probing internal services and APIs that are not exposed to the internet
3. Data Exfiltration: Retrieving sensitive files or configurations from internal systems

// Security patch in src/gql/resolvers/mutations/Asset.php
// Source: https://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52

         } elseif (!empty($fileInformation['url'])) {
             $url = $fileInformation['url'];
 
+            // make sure the hostname is alphanumeric and not an IP address
+            $hostname = parse_url($url, PHP_URL_HOST);
+            if (
+                !filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) ||
+                filter_var($hostname, FILTER_VALIDATE_IP)
+            ) {
+                throw new UserError("$url contains an invalid hostname.");
+            }
+
             if (empty($fileInformation['filename'])) {
                 $filename = AssetsHelper::prepareAssetName(pathinfo(UrlHelper::stripQueryString($url), PATHINFO_BASENAME));
             } else {

The patch adds validation to ensure the hostname is a valid domain name and explicitly rejects IP addresses, preventing SSRF attacks via direct IP addressing.

Detection Methods for CVE-2025-68437

Indicators of Compromise

• GraphQL queries to save_<VolumeName>_Asset mutations containing URLs with internal IP addresses (e.g., 169.254.169.254, 10.x.x.x, 192.168.x.x, 127.0.0.1)
• Unusual outbound connections from the web server to internal network ranges or cloud metadata services
• Asset files containing metadata responses, JSON configurations, or other unexpected content types
• Increased GraphQL mutation activity from specific user accounts targeting asset endpoints

Detection Strategies

• Implement Web Application Firewall (WAF) rules to detect and block GraphQL mutations containing internal IP addresses or cloud metadata URLs in the url parameter
• Monitor server-side outbound requests for connections to RFC 1918 private address ranges and link-local addresses
• Analyze GraphQL logs for suspicious save_*_Asset mutations with unusual URL patterns
• Deploy network segmentation monitoring to alert on unexpected traffic from web servers to internal services

Monitoring Recommendations

• Enable detailed logging for all GraphQL mutations, particularly those involving file or asset operations
• Configure alerts for outbound HTTP requests from the Craft CMS application server to internal IP ranges
• Monitor asset uploads for anomalous file types or content that doesn't match expected media formats
• Review GraphQL permission assignments regularly to ensure asset management permissions are appropriately restricted

How to Mitigate CVE-2025-68437

Immediate Actions Required

• Update Craft CMS 5.x installations to version 5.8.21 or later immediately
• Update Craft CMS 4.x installations to version 4.16.17 or later immediately
• Review GraphQL permissions and restrict asset management capabilities to only necessary users
• Audit recent GraphQL activity for signs of exploitation, particularly save_*_Asset mutations with URL parameters

Patch Information

Craft CMS has released patched versions that add proper hostname validation to prevent SSRF attacks:

• Craft CMS 5.x: Update to version 5.8.21 or later - View Changelog
• Craft CMS 4.x: Update to version 4.16.17 or later

The fix validates that URLs contain legitimate domain hostnames rather than IP addresses, blocking attempts to access internal resources. For detailed technical information, refer to the GitHub Security Advisory GHSA-x27p-wfqw-hfcc and the commit details.

Workarounds

• Disable GraphQL asset mutations if not required by your application by restricting schema permissions
• Implement network-level controls to prevent the web server from making outbound connections to internal IP ranges and cloud metadata endpoints
• Use a reverse proxy or WAF to filter GraphQL requests containing internal IP addresses in URL parameters
• Restrict GraphQL API access to trusted IP addresses or authenticated sessions with minimal privileges

# Example: Block outbound connections to cloud metadata endpoint (iptables)
iptables -A OUTPUT -d 169.254.169.254 -j DROP

# Example: Block RFC 1918 ranges from web server
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP