Server-Side Request Forgery Vulnerability in Ghost by TryGhost
CVE-2025-9862

6.1 MEDIUM

Key Information:

Vendor: Ghost

Status
Vendor
CVE Published: 17 September 2025

What is CVE-2025-9862?

A Server-Side Request Forgery (SSRF) vulnerability exists in Ghost that could allow an attacker to send crafted requests to internal resources. Because those requests originate from the Ghost server itself, the flaw can enable unauthorized access to sensitive data and services within the affected system. The vulnerability affects versions 6.0.0 through 6.0.8 and 5.99.0 through 5.130.3. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

Ghost (Linux): 6.0.0 through 6.0.8

Ghost (Linux): 5.99.0 through 5.130.3

CVSS V4

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
