Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-25777

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Published

2024-09-18T16:15:04.980

Last Modified

2025-02-27T19:37:08.240

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-918
Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acquia	mautic	< 4.4.12	Yes
Application	acquia	mautic	< 5.0.4	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes
Application	acquia	mautic	1.0.0	Yes

References

https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w Vendor Advisory ([email protected])