CVE-2025-7381

MEDIUM

Docker Mautic <=6.0.3/5.2.7 PHP Version Exposure via X-Powered-By Header

Title source: llm

Description

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/mautic/docker-mautic/security/advisories/GHSA-89jm-p7jf-x8jx

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (4)

mautic/Docker Mautic <= 5.2.7-20250707-apache

mautic/Docker Mautic <= 5.2.7-20250707-fpm

mautic/Docker Mautic <= 6.0.3-20250707-apache

mautic/Docker Mautic <= 6.0.3-20250707-fpm

Published Jul 09, 2025

Tracked Since Feb 18, 2026