Vulnerability Database

320,551

Total vulnerabilities in the database

CVE-2025-9862

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Published: Sep 17, 2025
Updated: Feb 3, 2026
CVE: CVE-2025-9862
GHSA: GHSA-f7qg-xj45-w956
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
ghost	6.0.0	6.0.9
ghost	5.99.0	5.130.4
ghost / ghost	5.99	5.130.3.x
ghost / ghost	6.0.0	6.0.8.x

https://fluidattacks.com/advisories/regida
https://github.com/TryGhost/Ghost
https://github.com/TryGhost/Ghost/commit/01d64c7c0ffbf90cd036195c60ded6d08077d612
https://github.com/TryGhost/Ghost/commit/ffe9d079afa68557c581d224f1ff126e625b06e3
https://github.com/TryGhost/Ghost/releases/tag/v6.0.9
https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956
https://help.fluidattacks.com/portal/en/kb/articles/regida

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo