Vendor
Mautic
Products
2
CVEs
10
Across products
10
Status
Private
Products
2- 7 CVEs
- 3 CVEs
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13828 | Cri | 0.59 | — | 0.00 | Dec 2, 2025 | SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges. | |
| CVE-2025-13827 | Hig | 0.57 | — | 0.00 | Dec 2, 2025 | Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution. | |
| CVE-2017-1000046 | Hig | 0.49 | 7.5 | 0.00 | Jul 17, 2017 | Mautic 2.6.1 and earlier fails to set flags on session cookies | |
| CVE-2025-9824 | Med | 0.31 | 5.9 | 0.00 | Sep 3, 2025 | ImpactThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. PatchesThis vulnerability has been patched, implementing a timing-safe form login authenticator that ensures consistent response times regardless of whether a user exists or not. Technical DetailsThe vulnerability was caused by different response times when: * A valid username was provided (password hashing occurred) * An invalid username was provided (no password hashing occurred) The fix introduces a TimingSafeFormLoginAuthenticator that performs a dummy password hash verification even for non-existent users, ensuring consistent timing. WorkaroundsNo workarounds are available. Users should upgrade to the patched version. References * https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account | |
| CVE-2025-9823 | Med | 0.31 | — | 0.00 | Sep 3, 2025 | SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious actions such as session hijacking, credential theft, or unauthorized actions in the application. DetailsThe vulnerability resides in the “Tags” input field on the /s/ajax?action=lead:addLeadTags endpoint. Although the server applies sanitization before storing the data or returning it later, the payload is executed immediately in the victim’s browser upon reflection, allowing an attacker to run arbitrary JavaScript in the user’s session. ImpactA Reflected XSS attack can have a significant impact, allowing attackers to steal sensitive user data like cookies, redirect users to malicious websites, manipulate the web page content, and essentially take control of a user's session within an application by executing malicious JavaScript code within the victim's browser, even if the server-side code is secure; essentially enabling them to perform actions as if they were the logged-in user. References * Web Security Academy: Cross-site scripting https://portswigger.net/web-security/cross-site-scripting * Web Security Academy: Reflected cross-site scripting https://portswigger.net/web-security/cross-site-scripting/reflected | |
| CVE-2025-9822 | Med | 0.29 | 5.5 | 0.00 | Sep 3, 2025 | SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them. | |
| CVE-2025-9821 | Low | 0.11 | 2.7 | 0.00 | Sep 3, 2025 | SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix. | |
| CVE-2024-47051 | 0.00 | — | 0.01 | Feb 26, 2025 | This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. | ||
| CVE-2024-47053 | 0.00 | — | 0.00 | Feb 26, 2025 | This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports. | ||
| CVE-2022-25773 | 0.00 | — | 0.00 | Feb 26, 2025 | This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. * Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory. |