{"id":"CVE-2025-9862","details":"Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.","aliases":["BIT-ghost-2025-9862","GHSA-f7qg-xj45-w956"],"modified":"2026-04-10T05:36:48.635778Z","published":"2025-09-17T15:15:43.937Z","references":[{"type":"ADVISORY","url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-f7qg-xj45-w956"},{"type":"FIX","url":"https://github.com/TryGhost/Ghost/releases/tag/v6.0.9"},{"type":"PACKAGE","url":"https://github.com/TryGhost/Ghost"},{"type":"EVIDENCE","url":"https://fluidattacks.com/advisories/regida"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tryghost/ghost","events":[{"introduced":"41041f9b9685e81a42f7d09d2058f5e7685fe3d2"},{"last_affected":"fcb129f2fb4e00d2df9f06b080e3a8edcd19b30d"},{"introduced":"5b8c97dcb46ae3d552a2f05531723f14c8f806a7"},{"last_affected":"9613411e203f8646fd8e78203e0016cd1c8aedc5"},{"fixed":"c076dcc64d4af99dca0ecc380d5f4df04fc2a0fd"}],"database_specific":{"versions":[{"introduced":"5.99.0"},{"last_affected":"5.130.3"},{"introduced":"6.0.0"},{"last_affected":"6.0.8"}]}}],"versions":["v5.100.0","v5.101.0","v5.101.4","v5.101.6","v5.102.0","v5.103.0","v5.104.0","v5.105.0","v5.106.0","v5.106.1","v5.107.0","v5.108.0","v5.108.1","v5.109.0","v5.109.3","v5.109.6","v5.110.0","v5.110.2","v5.111.0","v5.112.0","v5.113.0","v5.114.0","v5.115.1","v5.116.0","v5.116.2","v5.117.0","v5.118.0","v5.118.1","v5.119.0","v5.119.2","v5.120.0","v5.120.2","v5.121.0","v5.122.0","v5.125.1","v5.126.0","v5.127.0","v5.127.1","v5.128.0","v5.129.0","v5.129.1","v5.129.2","v5.130.0","v5.130.1","v5.130.3","v5.99.0","v6.0.0","v6.0.1","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.7","v6.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9862.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}