Vulnerability Database

296,293

Total vulnerabilities in the database

CVE-2025-9862

Impact

A vulnerability in Ghost's oEmbed mechanism allows staff users to exfiltrate data from internal systems via SSRF.

Vulnerable versions

This vulnerability is present in Ghost v5.99.0 to v5.130.3 to and Ghost v6.0.0 to v6.0.8.

Patches

v5.130.4 and v6.0.9 contain a fix for this issue.

References

The original report will be available here: https://help.fluidattacks.com/portal/en/kb/articles/regida

We thank Cristian Vargas for discovering and disclosing this vulnerability responsibly.

For more information

If you have any questions or comments about this advisory, email us at security@ghost.org.

Published: Sep 15, 2025
Updated: Sep 16, 2025
CVE: CVE-2025-9862
GHSA: GHSA-f7qg-xj45-w956
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
ghost	6.0.0	6.0.9
ghost	5.99.0	5.130.4