What is CVE-2025-27515?

CVE-2025-27515 is a vulnerability in Laravel Framework, classified under CWE-155. Published 2025-03-05.

Is CVE-2025-27515 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Laravel Framework

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.4…

EPSS: 0.003 (52.0th percentile) — read the EPSS interpretation.

Affected products

Laravel Framework — versions >= 12.0.0, < 12.1.1, < 11.44.1

Weakness classification (CWE)

CWE-155

Public proof-of-concept exploits

References

https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4 (x_refsource_CONFIRM)
https://github.com/laravel/framework/commit/2d133034fefddfb047838f4caca3687a3ba811a5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27515?: CVE-2025-27515 is a vulnerability in Laravel Framework, classified under CWE-155. Published 2025-03-05.
Is CVE-2025-27515 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.