CVE-2025-9822

EPSS 0.04%
Published 03.09.2025 13:55:12
Last modified 04.09.2025 15:36:56
Source security@mautic.org
Teams watchlist Login
Open Login

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.

ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorMautic

≫

Product Mautic

Default Statusunaffected

Version < < 4.4.17

Version >= 4.4.0

Status affected

Version < < 5.2.8

Version >= 5.0.0-alpha

Status affected

Version < < 6.0.5

Version >= 6.0.0-alpha

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.106

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@mautic.org	5.5	1.2	4.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

CWE-283 Unverified Ownership

The product does not properly verify that a critical resource is owned by the proper entity.

https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w

https://nvd.nist.gov/vuln/detail/CVE-2025-9822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9822

EUVD