GHSA-5xw2-57jx-pgjp — high GitHub Advisory (CVE-2025-13827) in composer/mautic/grapes-js-builder-bu…

Description

Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.

If the media folder is not restricted from running files this can lead to a remote code execution.

Score	Percentile
0.52%	66.66%

Base score	Version	Severity	Vector
8.8	4.0	—	`CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network. Attack complexity (AC:L) Exploitation conditions are straightforward and stable. Attack requirements (AT:P) Additional preconditions must be present for exploitation. Privileges required (PR:L) Low privileges are required. User interaction (UI:A) User interaction is required in an active way. Vulnerable system confidentiality impact (VC:H) High confidentiality impact on the vulnerable system. Vulnerable system integrity impact (VI:H) High integrity impact on the vulnerable system. Vulnerable system availability impact (VA:H) High availability impact on the vulnerable system. Subsequent system confidentiality impact (SC:H) High confidentiality impact on subsequent systems. Subsequent system integrity impact (SI:H) High integrity impact on subsequent systems. Subsequent system availability impact (SA:H) High availability impact on subsequent systems.

Type	Value
GHSA	GHSA-5xw2-57jx-pgjp ↗
CVE	CVE-2025-13827 ↗

CWE id	Name
CWE-434	Unrestricted Upload of File with Dangerous Type

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
composer	mautic/grapes-js-builder-bundle	>= 4.0.0, < 4.4.18	4.4.18	—
composer	mautic/grapes-js-builder-bundle	>= 5.0.0, < 5.2.9	5.2.9	—
composer	mautic/grapes-js-builder-bundle	>= 6.0.0, < 6.0.7	6.0.7	—