CVE-2022-25770

HIGH

Mautic < 4.4.13 - Unauthenticated Application Update via Upgrade Script

Title source: llm

Description

Mautic allows the application to be updated via an upgrade script. The upgrade logic is not shielded off correctly, so the update can be triggered without authentication (CWE-306), which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
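The weakness class here is a critical function (applying an update) reachable without a check of who is asking. The following is an added illustration, not code from Mautic or from this advisory: a minimal PHP upgrade handler in its unguarded shape beside a guarded one. The function names, the session keys (`user_id`, `is_admin`, `upgrade_token`) and the request parameters are assumptions chosen for the example and are not taken from Mautic's source.

```php
<?php
// Added example, not Mautic code. Demonstrates CWE-306 (Missing Authentication
// for Critical Function) for a browser-reachable upgrade script. All names
// (functions, session keys, request fields) are hypothetical.
declare(strict_types=1);

// Stand-in for the real work: unpack the release, run migrations, clear caches.
function applyUpdatePackage(): string
{
    return 'upgraded';
}

// Unguarded shape: whoever can reach the script can drive the update.
function runUpgradeUnguarded(array $request): string
{
    if (($request['step'] ?? '') === 'apply') {
        return applyUpdatePackage();   // no check of the caller's identity
    }
    return 'idle';
}

// Guarded shape: the update is bound to an authenticated administrator and
// to a one-time token that only that administrator's session holds.
function runUpgradeGuarded(array $request, array $session): string
{
    // 1. Authentication and privilege: the fix for CWE-306 is to require an
    //    already-authenticated, sufficiently privileged user.
    if (empty($session['user_id']) || empty($session['is_admin'])) {
        http_response_code(403);
        return 'forbidden';
    }
    // 2. Request binding: the token was issued when the admin opened the
    //    update page, so a link planted by a third party cannot replay the
    //    step (constant-time comparison avoids leaking the token by timing).
    if (!isset($request['token'], $session['upgrade_token'])
        || !hash_equals($session['upgrade_token'], (string) $request['token'])) {
        http_response_code(403);
        return 'bad-token';
    }
    if (($request['step'] ?? '') === 'apply') {
        return applyUpdatePackage();
    }
    return 'idle';
}

// Constructed inputs for a stand-alone run.
$anonymous = [];
$admin = [
    'user_id'       => 1,
    'is_admin'      => true,
    'upgrade_token' => bin2hex(random_bytes(16)),
];

var_dump(runUpgradeUnguarded(['step' => 'apply']));            // string "upgraded": anyone can trigger it
var_dump(runUpgradeGuarded(['step' => 'apply'], $anonymous));   // string "forbidden"
var_dump(runUpgradeGuarded(['step' => 'apply', 'token' => 'x'], $admin)); // string "bad-token"
var_dump(runUpgradeGuarded(
    ['step' => 'apply', 'token' => $admin['upgrade_token']],
    $admin
));                                                              // string "upgraded"
```

The in-script guard is the fix that belongs in the application; independently of it, an upgrade entry point that has no business being served to the public should also be denied at the web server or kept outside the document root, so that a deployment that differs from the expected layout does not silently expose it.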

Scores

CVSS v3 7.8
EPSS 0.0027
EPSS Percentile 19.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-306 (Missing Authentication for Critical Function)
Status published
Products (4)
acquia/mautic 1.0.0 (7 CPE variants)
acquia/mautic 1.0.1 - 4.4.13
mautic/core 1.0.0-beta3 - 4.4.13 (Packagist)
mautic/core-lib 1.0.0-beta3 - 4.4.13 (Packagist)
Published Sep 18, 2024
Tracked Since Feb 18, 2026