Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-9862

Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

Published: Sep 15, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-9862
GHSA: GHSA-f7qg-xj45-w956
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
ghost	6.0.0	6.0.9
ghost	5.99.0	5.130.4

https://fluidattacks.com/advisories/regida
https://github.com/TryGhost/Ghost
https://github.com/TryGhost/Ghost/commit/01d64c7c0ffbf90cd036195c60ded6d08077d612
https://github.com/TryGhost/Ghost/commit/ffe9d079afa68557c581d224f1ff126e625b06e3
https://github.com/TryGhost/Ghost/releases/tag/v6.0.9
https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956
https://help.fluidattacks.com/portal/en/kb/articles/regida

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo