6.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-66302

GHSA ID

GHSA-j422-qmxp-hv94

EPSS Score

CWE

CWE-22

Published

12/2/2025

Updated

12/2/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-66302

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers
 with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due
 to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling
 access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of 
the user account running the application.

PoC

To accurately demonstrate the maximum potential impact of this vulnerability, the testing environment was configured in a specific way:

- Elevated Privileges: The application was run locally with the highest possible system privileges, operating under the **`root`** user account.
    
- Objective: This configuration was chosen to unequivocally show that the path traversal vulnerability is not just a theoretical issue but can lead to a complete compromise of the underlying host when combined with poor operational practices. The ability to read any file on the system is the ultimate test of the flaw's severity.
    

Proof of Concept Goal: Under these conditions, the subsequent PoC will exploit the vulnerability to read the SSH private key
 of the `root` user (`/root/.ssh/id_rsa`). The successful exfiltration of this key represents a worst-case scenario, as it would provide 
an attacker with persistent, undetectable, and complete administrative access to the host server. This highlights the critical intersection
 of an application-layer vulnerability and a infrastructure-level misconfiguration.

1- LOGIN AS ADMIN AND  GO TO  : http://127.0.0.1/admin/tools/backups
2- Change 'Root Folder' to backup directory /../../../../../../../root/.ssh/

3- CLICK  : 'SAVE'
4- CLICK  : 'Backup Now'

Miggo Vulnerability Database

→

CVE-2025-66302

CVE-2025-66302:

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers
 with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due
 to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling
 access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of 
the user account running the application.

PoC

To accurately demonstrate the maximum potential impact of this vulnerability, the testing environment was configured in a specific way:

- Elevated Privileges: The application was run locally with the highest possible system privileges, operating under the **`root`** user account.
    
- Objective: This configuration was chosen to unequivocally show that the path traversal vulnerability is not just a theoretical issue but can lead to a complete compromise of the underlying host when combined with poor operational practices. The ability to read any file on the system is the ultimate test of the flaw's severity.
    

Proof of Concept Goal: Under these conditions, the subsequent PoC will exploit the vulnerability to read the SSH private key
 of the `root` user (`/root/.ssh/id_rsa`). The successful exfiltration of this key represents a worst-case scenario, as it would provide 
an attacker with persistent, undetectable, and complete administrative access to the host server. This highlights the critical intersection
 of an application-layer vulnerability and a infrastructure-level misconfiguration.

1- LOGIN AS ADMIN AND  GO TO  : http://127.0.0.1/admin/tools/backups
2- Change 'Root Folder' to backup directory /../../../../../../../root/.ssh/

3- CLICK  : 'SAVE'
4- CLICK  : 'Backup Now'

6.8

Basic Information

Concerned about an active attack path?

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

PoC

CVE-2025-66302:

Detect and Respond To Threats Faster.

6.8

Basic Information

Concerned about an active attack path?

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

PoC

6.8

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.8

Basic Information

Concerned about an active attack path?

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

PoC

CVE-2025-66302:

6.8

Basic Information

Concerned about an active attack path?

CVE-2025-66302: Grav vulnerable to Path Traversal allowing server files backup

Summary

PoC

6.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI