CVE-2025-9862 - Vulnerability Details - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fluidattacks.com/advisories/regida
https://github.com/TryGhost/Ghost
https://github.com/TryGhost/Ghost/releases/tag/v6.0.9
https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956

History

Wed, 17 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 17 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.
Title		Ghost 6.0.6 - SSRF via oEmbed Bookmark
Weaknesses		CWE-918
References		https://fluidattacks.com/advisories/regida https://github.com/TryGhost/Ghost https://github.com/TryGhost/Ghost/releases/tag/v6.0.9 https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956
Metrics		cvssV4_0 `{'score': 6.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2025-09-17T15:02:01.533Z

Updated: 2025-09-17T15:42:32.020Z

Reserved: 2025-09-02T17:46:31.153Z

Link: CVE-2025-9862

Vulnrichment

Updated: 2025-09-17T15:42:22.261Z

NVD

Status : Received

Published: 2025-09-17T15:15:43.937

Modified: 2025-09-17T16:15:36.780

Link: CVE-2025-9862

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9862", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2025-09-02T17:46:31.153Z", "datePublished": "2025-09-17T15:02:01.533Z", "dateUpdated": "2025-09-17T15:42:32.020Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Ghost", "vendor": "Ghost", "versions": [{"lessThanOrEqual": "6.0.8", "status": "affected", "version": "6.0.0", "versionType": "custom"}, {"lessThanOrEqual": "5.130.3", "status": "affected", "version": "5.99.0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*", "versionEndIncluding": "6.0.8", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*", "versionEndIncluding": "5.130.3", "versionStartIncluding": "5.99.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.<p>This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.1, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-09-17T15:02:01.533Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/regida"}, {"tags": ["product"], "url": "https://github.com/TryGhost/Ghost"}, {"tags": ["patch"], "url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"}, {"tags": ["vendor-advisory"], "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"}], "source": {"discovery": "UNKNOWN"}, "title": "Ghost 6.0.6 - SSRF via oEmbed Bookmark", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://fluidattacks.com/advisories/regida", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T15:42:29.239311Z", "id": "CVE-2025-9862", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T15:42:32.020Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9862", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-17T15:42:29.239311Z"}}}], "references": [{"url": "https://fluidattacks.com/advisories/regida", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T15:42:22.261Z"}}], "cna": {"title": "Ghost 6.0.6 - SSRF via oEmbed Bookmark", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ghost", "product": "Ghost", "versions": [{"status": "affected", "version": "6.0.0", "versionType": "custom", "lessThanOrEqual": "6.0.8"}, {"status": "affected", "version": "5.99.0", "versionType": "custom", "lessThanOrEqual": "5.130.3"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://fluidattacks.com/advisories/regida", "tags": ["third-party-advisory"]}, {"url": "https://github.com/TryGhost/Ghost", "tags": ["product"]}, {"url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9", "tags": ["patch"]}, {"url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.", "supportingMedia": [{"type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.<p>This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.0.8", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:ghost:ghost:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "5.130.3", "versionStartIncluding": "5.99.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-09-17T15:02:01.533Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9862", "state": "PUBLISHED", "dateUpdated": "2025-09-17T15:42:32.020Z", "dateReserved": "2025-09-02T17:46:31.153Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2025-09-17T15:02:01.533Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3."}], "id": "CVE-2025-9862", "lastModified": "2025-09-17T16:15:36.780", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "help@fluidattacks.com", "type": "Secondary"}]}, "published": "2025-09-17T15:15:43.937", "references": [{"source": "help@fluidattacks.com", "url": "https://fluidattacks.com/advisories/regida"}, {"source": "help@fluidattacks.com", "url": "https://github.com/TryGhost/Ghost"}, {"source": "help@fluidattacks.com", "url": "https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"}, {"source": "help@fluidattacks.com", "url": "https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://fluidattacks.com/advisories/regida"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "help@fluidattacks.com", "type": "Secondary"}]}