CVE-2025-9822

EPSS 0.23%
Veröffentlicht 03.09.2025 13:55:12
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@mautic.org
CVE-Watchlists
Login
Unerledigt
Login

Secret data extraction via elfinder

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.

ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMautic

≫

Produkt Mautic

Default Statusunaffected

Version >= 4.4.0

Version < < 4.4.17

Status affected

Version >= 5.0.0-alpha

Version < < 5.2.8

Status affected

Version >= 6.0.0-alpha

Version < < 6.0.5

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.129

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@mautic.org	5.5	1.2	4.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

CWE-283 Unverified Ownership

The product does not properly verify that a critical resource is owned by the proper entity.

https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w

https://nvd.nist.gov/vuln/detail/CVE-2025-9822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9822

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9822