Mautic Update Vulnerability
CVE-2022-25770
7.5 HIGH
Summary
The Mautic application contains a vulnerability in its upgrade script functionality. The flaw arises from inadequate protection in the upgrade logic, which can result in configurations that expose the application to risk. Exploitation requires specific installation conditions, so users should follow the recommended installation and upgrade practices to mitigate the risk from this vulnerability.
Affected Version(s)
Mautic >= 1.0.0-beta3 < 1.0.0-beta3
Mautic >= 5.0.0 < 5.0.0
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mattias Michaux
Zdeno Kuzmany
Mattias Michaux
John Linhart
Patryk Gruszka