CVE-2025-27515

Medium CVSS: 6.9

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

Vendor

Laravel

Product

Framework

CWE

CWE-155

Yayın Tarihi

2025-03-05 19:15:39

Güncelleme

2025-08-26 17:13:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-155 Framework MEDIUM Laravel 2025

Referanslar

https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5 https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

Benzer Kayıtlar

Critical

CVE-2026-23524

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and belo…

Critical

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauth…

High

CVE-2024-13919

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an im…

High

CVE-2024-13918

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an im…