CVE-2025-9821

LOW

Mautic 4.4.0-4.4.16, 5.0.0-alpha-5.2.7, 6.0.0-alpha-6.0.4 - Server-Side Request Forgery via Webhook Destination

Title source: llm

Description

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69

Scores

CVSS v3 2.7

EPSS 0.0028

EPSS Percentile 19.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (4)

mautic/core 4.4.0 - 4.4.17Packagist

Mautic/Mautic >= 4.4.0 - < 4.4.17

Mautic/Mautic >= 5.0.0-alpha - < 5.2.8

Mautic/Mautic >= 6.0.0-alpha - < 6.0.5

Published Sep 03, 2025

Tracked Since Feb 18, 2026