CVE-2025-66844: Grav may be vulnerable to SSRF attack via Twig Templates

Severity: Critical

CVSS Score: 9.1

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered