CVE-2025-66304 is a vulnerability identified in the Grav CMS, a file-based web platform widely used for content management. The flaw exists in versions prior to 1.8.0-beta.27 and involves the exposure of password hashes within the admin panel's user account management section. Specifically, any user with read access to this section can view the hashed passwords of all users, including those of administrative accounts. This exposure constitutes a CWE-200 (Exposure of Sensitive Information) and CWE-201 (Information Exposure Through Sent Data) weakness. Although the hashes themselves are not plaintext passwords, their disclosure allows an attacker to perform offline brute-force or dictionary attacks to recover the original passwords. Successful cracking of these hashes can lead to privilege escalation, enabling attackers to gain administrative control over the Grav installation. The vulnerability requires the attacker to have authenticated read access with high privileges (PR:H) but does not require user interaction (UI:N). The CVSS v3.1 base score is 6.2, reflecting a medium severity level, with high impact on confidentiality and integrity but low impact on availability. No known exploits are currently reported in the wild. The issue is resolved in Grav version 1.8.0-beta.27, and users are advised to upgrade to this or later versions to mitigate the risk.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of web platform user credentials. If exploited, attackers could escalate privileges and gain administrative access to Grav-powered websites, potentially leading to unauthorized data access, website defacement, or further lateral movement within the network. Organizations relying on Grav for critical web services or customer-facing portals may experience reputational damage and regulatory consequences, especially under GDPR, due to unauthorized exposure of user credentials. The requirement for authenticated read access limits the attack surface but insider threats or compromised accounts could facilitate exploitation. The medium severity rating indicates a moderate but actionable risk, emphasizing the need for timely patching and access control enforcement.

European organizations should immediately upgrade all Grav installations to version 1.8.0-beta.27 or later to remediate this vulnerability. Access to the admin panel, particularly the user account management section, must be strictly limited to trusted personnel with the minimum necessary privileges. Implement multi-factor authentication (MFA) for admin accounts to reduce the risk of credential compromise. Regularly audit user permissions and monitor access logs for unusual activity indicative of unauthorized access attempts. Employ strong password policies and encourage the use of password managers to reduce the likelihood of password cracking success. Additionally, consider network segmentation to isolate administrative interfaces and deploy web application firewalls (WAFs) to detect and block suspicious requests. Finally, conduct periodic security assessments and penetration tests to verify that no sensitive information is exposed inadvertently.