Unauthorized Access Vulnerability in Mautic by Mautic
CVE-2025-5257

6.5MEDIUM

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 28 May 2025

What is CVE-2025-5257?

A vulnerability in Mautic allows unauthenticated users to access unpublished page previews due to the lack of proper authorization checks. This flaw enables these users to view and potentially expose draft content through easily predictable URLs. With search engines possibly indexing these links, sensitive information may inadvertently become public. Mautic has implemented permission checks in updated versions to mitigate this issue, urging users to upgrade to the patched version to ensure security.

Affected Version(s)

Mautic > 4.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
May 27, 2025

Credit

Lenon Leite

John Linhart

Zdeno Kuzmany

Lenon Leite