CVE-2022-25777

MEDIUM

Mautic < 4.4.12 - Authenticated Server-Side Request Forgery

Title source: llm

Description

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 35.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (3)

acquia/mautic 1.0.0 (6 CPE variants)

acquia/mautic 1.0.1 - 4.4.12

mautic/core 1.0.0-beta4 - 4.4.12Packagist

Published Sep 18, 2024

Tracked Since Feb 18, 2026