CVE-2025-27515

Critical

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted…

GitHub_M·CWE-155·Published 2025-03-05

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

254 chars

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

NVDen

254 chars

OSV.deven

169 chars

When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.

GHSAen

169 chars

When using wildcard validation to validate a given file or image field array (`files.*`), a user-crafted malicious request could potentially bypass the validation rules.

NVDes

325 chars

Laravel es un framework de trabajo para aplicaciones web. Al utilizar la validación con comodines para validar un campo de archivo o imagen determinado (`files.*`), una solicitud maliciosa manipulada por el usuario podría eludir las reglas de validación. Esta vulnerabilidad se ha corregido en las versiones 11.44.1 y 12.1.1.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0	Primary	cve.org	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Primary	cve.org	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Secondary	GHSA	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4.0	Secondary	NVD	6.9	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X