CVE-2025-27515

CRITICAL

Laravel - Info Disclosure

Title source: llm

Description

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.

Exploits (1)

nomisec WORKING POC 1 stars

by joaovicdev · poc

https://github.com/joaovicdev/EXPLOIT-CVE-2025-27515

View Code ZIP pw:eip

References (2)

[Patch] https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5

[Vendor Advisory] https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

Scores

CVSS v3 9.8

EPSS 0.0028

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-155

Status published

Products (2)

laravel/framework < 11.44.1

laravel/framework 12.0.0 - 12.1.1Packagist

Published Mar 05, 2025

Tracked Since Feb 18, 2026