Wildcard Validation Bypass in Laravel Framework
CVE-2025-27515

6.9MEDIUM

Key Information:

Vendor: Laravel
Status: Framework
Vendor: CVE Published:; 5 March 2025

What is CVE-2025-27515?

The Laravel web application framework is susceptible to a wildcard validation bypass issue, specifically affecting file and image field validations. When wildcard validation is employed (files.*), a crafted user request could circumvent established validation rules, potentially exposing applications to unverified or malicious file uploads. This flaw has been addressed in versions 11.44.1 and 12.1.1, highlighting the importance of upgrading to secure versions to mitigate risks associated with improper validation.

Affected Version(s)

framework >= 12.0.0, < 12.1.1 < 12.0.0, 12.1.1

framework < 11.44.1 < 11.44.1

References

https://github.com/laravel/framework/security/advisories/...

x_refsource_CONFIRM

https://github.com/laravel/framework/commit/2d133034fefdd...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 5, 2025
Vulnerability Reserved
Feb 26, 2025