CVE-2025-9862

Medium CVSS: 6.1

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Vendor

Ghost

Product

Ghost

CWE

CWE-918

Yayın Tarihi

2025-09-17 15:15:43

Güncelleme

2026-02-24 18:36:18

Source Identifier

help@fluidattacks.com

KEV Date Added

Kategoriler

CWE-918 Ghost MEDIUM Ghost 2025

Referanslar

https://fluidattacks.com/advisories/regida https://github.com/TryGhost/Ghost https://github.com/TryGhost/Ghost/releases/tag/v6.0.9 https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956 https://fluidattacks.com/advisories/regida

Benzer Kayıtlar

High

CVE-2026-29784

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /sessio…

High

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can ex…

Critical

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform…

High

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an…

High

CVE-2026-22594

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…

High

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerabil…