CVE-2022-25770

Published: Sep 18, 2024Modified: Feb 27, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Affected (9)

Products: Acquia: Mautic

Acquia

1 product

Mautic

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Acquia Mautic	From 1.0.1 to 4.4.13
Acquia Mautic	From 5.0.0 to 5.1.1
Acquia Mautic	Version 1.0.0
Acquia Mautic	Version 1.0.0 beta3
Acquia Mautic	Version 1.0.0 beta4
Acquia Mautic	Version 1.0.0 rc1
Acquia Mautic	Version 1.0.0 rc2
Acquia Mautic	Version 1.0.0 rc3
Acquia Mautic	Version 1.0.0 rc4

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

Source: security@mautic.org

Vendor Advisory

Timeline

No history available yet.