CVE-2025-66303 is a vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) found in Grav, a popular file-based web content management system. The vulnerability exists in versions prior to 1.8.0-beta.27 and relates specifically to the handling of the scheduled_at parameter, which is used to define cron expressions for scheduled tasks within the Grav admin panel. The root cause is the failure to properly sanitize input for these cron expressions, allowing an attacker with administrative privileges to inject malformed input such as a single quote. This malformed input corrupts the cron expression stored in the backup.yaml configuration file. As a result, the Grav admin panel becomes non-functional, effectively causing a Denial of Service by preventing administrators from managing the platform through the web interface. The only remediation without patching is manual intervention on the host server to edit and correct the corrupted backup.yaml file. The vulnerability requires authenticated access with high privileges (admin-level) and does not require user interaction beyond the attacker’s own actions. The CVSS v3.1 base score is 4.9, reflecting a medium severity level due to the impact on availability and the requirement for privileged access. There are no known exploits in the wild at this time. The issue is resolved in Grav version 1.8.0-beta.27, which properly sanitizes the scheduled_at parameter input to prevent injection of malformed cron expressions.

For European organizations using Grav CMS, this vulnerability primarily impacts the availability of the administrative interface, potentially disrupting content management and scheduled task operations. Organizations relying on Grav for critical web presence or internal portals may experience operational downtime or delays in administrative tasks. Since exploitation requires administrative credentials, the risk is higher in environments with weak access controls or where insider threats exist. The need for manual recovery by accessing the host server can increase operational costs and downtime, especially for organizations with limited IT staff or remote hosting environments. While confidentiality and integrity are not directly affected, the disruption to administrative functions could indirectly impact business continuity and service availability. Organizations in sectors with strict uptime requirements, such as government, healthcare, and finance, may face compliance and reputational risks if administrative access is lost due to this vulnerability.

European organizations should immediately upgrade Grav installations to version 1.8.0-beta.27 or later to apply the official fix that sanitizes the scheduled_at parameter. Until patching is possible, restrict administrative access to trusted personnel only and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of exploitation. Regularly audit and monitor admin panel usage and scheduled task configurations for unusual or malformed entries. Implement file integrity monitoring on critical configuration files like backup.yaml to detect unauthorized changes promptly. Establish documented recovery procedures for manual correction of corrupted cron expressions to minimize downtime if exploitation occurs. Additionally, consider isolating Grav administrative interfaces behind VPNs or internal networks to limit exposure. Backup configuration files regularly to enable quick restoration in case of corruption.