CVE-2025-13827: GrapesJsBuilder File Upload allows all file uploads

December 2, 2025

Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.

References

github.com/advisories/GHSA-5xw2-57jx-pgjp
github.com/mautic/mautic
github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp
nvd.nist.gov/vuln/detail/CVE-2025-13827

Code Behaviors & Features

Detect and mitigate CVE-2025-13827 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →