CVE-2025-64752
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| getgrist | grist-core | to 1.7.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in grist-core (prior to version 1.7.7) allows any user with access to a document to use a feature that fetches URLs executed on the server. Because these server-side requests have privileged network access, this can be exploited to escalate attacks. The issue is fixed by using a proxy for untrusted fetches in version 1.7.7.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with document access to perform server-side requests with privileged network access, potentially escalating attacks within the network. This could lead to unauthorized access to internal resources or sensitive data if the server fetches URLs that expose credentials or operate without credentials.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade grist-core to version 1.7.7 or later. As a workaround, avoid making http/https endpoints available to the Grist instance that expose credentials or operate without credentials. Additionally, ensure that untrusted fetches use the proxy feature introduced in version 1.7.7 to prevent server-side request exploitation.