CVE-2025-9862

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Vendor	Product	Versions
Ghost	Ghost	affected `6.0.0 - <= 6.0.8` affected `5.99.0 - <= 5.130.3`

Weaknesses (CWE)

CWE-918

References

https://fluidattacks.com/advisories/regida

third-party-advisory

https://github.com/TryGhost/Ghost

product

https://github.com/TryGhost/Ghost/releases/tag/v6.0.9

patch

https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-9862

Description

Affected Products

Weaknesses (CWE)

References