CVE-2022-25777
published 2024-09-18

Priority: P3 38
Severity: medium 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.45% (35.5th percentile)

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| acquia | mautic | | |
| acquia | mautic | >= 1.0.1 < 4.4.12 | 4.4.12 |
| acquia | mautic | >= 5.0.0 < 5.0.4 | 5.0.4 |
| mautic | core | >= 1.0.0-beta4 < 4.4.12 | 4.4.12 |
| mautic | core | >= 5.0.0-alpha < 5.0.4 | 5.0.4 |
| mautic | mautic | >= > 5.0.0 < < 5.0.4 | < 5.0.4 |
| mautic | mautic | >= >= 1.0.0-beta4 < < 4.4.12 | < 4.4.12 |