Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 05 Mar 2025 19:00:00 +0000

Type Values Removed Values Added
Description Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.
Title Laravel has a File Validation Bypass
Weaknesses CWE-155
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-03-05T18:59:49.627Z

Reserved: 2025-02-26T18:11:52.307Z

Link: CVE-2025-27515

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2025-03-05T19:15:39.483

Modified: 2025-08-26T17:13:57.603

Link: CVE-2025-27515

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:07:02Z