CVE-2022-25777

Published: Sep 18, 2024Modified: Feb 27, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Affected (8)

Products: Acquia: Mautic

Acquia

1 product

Mautic

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Acquia Mautic	From 1.0.1 to 4.4.12
Acquia Mautic	From 5.0.0 to 5.0.4
Acquia Mautic	Version 1.0.0
Acquia Mautic	Version 1.0.0 beta4
Acquia Mautic	Version 1.0.0 rc1
Acquia Mautic	Version 1.0.0 rc2
Acquia Mautic	Version 1.0.0 rc3
Acquia Mautic	Version 1.0.0 rc4

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w

Source: security@mautic.org

Vendor Advisory

Timeline

No history available yet.