Mautic Server-Side Request Forgery (SSRF) Vulnerability
CVE-2022-25777

6.5MEDIUM

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 18 September 2024

What is CVE-2022-25777?

An important vulnerability exists in Mautic that can be exploited by authenticated users to perform unauthorized actions via a Server-Side Request Forgery. Specifically, this flaw allows users to read sensitive system files and gain access to internal application addresses. This could lead to data leakage and compromise the integrity of the application. Mautic users are encouraged to update their systems to the patched version to prevent exploitation.

Affected Version(s)

Mautic >= 1.0.0-beta4 < 1.0.0-beta4

Mautic > 5.0.0 < 5.0.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Feb 22, 2022

Credit

a-solovev

Lenon Leite

John Linhart

Avikarsha Shah