CVE-2025-64752
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-13

Last updated on: 2025-11-26

Assigner: GitHub, Inc.

Description
grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged network access of server-side requests could offer opportunities for attack escalation. This issue is fixed in version 1.7.7. The mitigation was to use the proxy for untrusted fetches intended for such purposes. As a workaround, avoid making http/https endpoints available to an instance running Grist that expose credentials or operate without credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-13
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64752
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
getgrist grist-core to 1.7.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in grist-core (prior to version 1.7.7) allows any user with access to a document to use a feature that fetches URLs executed on the server. Because these server-side requests have privileged network access, this can be exploited to escalate attacks. The issue is fixed by using a proxy for untrusted fetches in version 1.7.7.

Impact Analysis

The vulnerability can allow an attacker with document access to perform server-side requests with privileged network access, potentially escalating attacks within the network. This could lead to unauthorized access to internal resources or sensitive data if the server fetches URLs that expose credentials or operate without credentials.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade grist-core to version 1.7.7 or later. As a workaround, avoid making http/https endpoints available to the Grist instance that expose credentials or operate without credentials. Additionally, ensure that untrusted fetches use the proxy feature introduced in version 1.7.7 to prevent server-side request exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64752. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart