CVE-2025-27515: Laravel has a File Validation Bypass
(updated )
When using wildcard validation to validate a given file or image field array (files.*), a user-crafted malicious request could potentially bypass the validation rules.
References
- github.com/advisories/GHSA-78fx-h6xr-vch4
- github.com/laravel/framework
- github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5
- github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b
- github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4
- nvd.nist.gov/vuln/detail/CVE-2025-27515
Code Behaviors & Features
Detect and mitigate CVE-2025-27515 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →