Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-25770

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Published

2024-09-18T22:15:03.827

Last Modified

2025-02-27T19:42:12.837

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acquia	mautic	< 4.4.13	Yes
Application	acquia	mautic	< 5.1.1	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes

References

https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc Vendor Advisory ([email protected])