CVE-2025-9821
Published 2025-09-03
Priority: P4 · 10 · low
CVSS 3.1 base score: 2.7
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.28% (20.0th percentile)
### Summary
Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed.
### Details
When sending webhooks, the destination is not validated, causing SSRF.
### Impact
Bypass of firewalls to interact with internal services.
See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact.
### Resources
See https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
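The fix the advisory points to is validating the webhook destination before the request is sent. The following is an added example, not Mautic's code or its actual patch (Mautic is written in PHP; Python is used here for readability): it resolves the webhook host, requires every resolved address to be globally routable, and returns a pinned IP so the HTTP client connects to the address that was checked rather than to whatever a second DNS lookup returns. The function names, the `CONSTRUCTED_DNS` table, the hostnames and the addresses in it are all assumptions constructed for the example.

```python
"""Webhook destination validation against SSRF (illustrative, not Mautic's fix).

Assumed interface: a ``resolve(host)`` callable returning the IP strings the
host resolves to. The default uses the system resolver; tests inject a
constructed one so the example runs offline.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, List
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class WebhookDestinationError(ValueError):
    """Raised when a webhook URL points somewhere the sender must not reach."""


@dataclass(frozen=True)
class ValidatedDestination:
    url: str
    host: str
    port: int
    pinned_ip: str  # the client should connect here, not re-resolve the host


def default_resolve(host: str) -> List[str]:
    """Return every A/AAAA answer for host from the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    The check runs on the parsed, resolved address rather than the URL string,
    so decimal/octal literals, IPv6-mapped IPv4 and DNS names that point at
    internal ranges are all judged by where they actually lead.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return addr.is_global and not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def validate_webhook_destination(
    url: str, resolve: Callable[[str], List[str]] = default_resolve
) -> ValidatedDestination:
    """Parse, resolve and vet a webhook URL; raise WebhookDestinationError if unsafe."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise WebhookDestinationError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise WebhookDestinationError("URL has no host")
    if parts.username or parts.password:
        raise WebhookDestinationError("credentials in webhook URL are not allowed")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        raise WebhookDestinationError(f"invalid port in {url!r}") from exc
    try:
        ips = resolve(parts.hostname)
    except OSError as exc:  # socket.gaierror is an OSError
        raise WebhookDestinationError(f"cannot resolve {parts.hostname}: {exc}") from exc
    if not ips:
        raise WebhookDestinationError(f"{parts.hostname} has no addresses")
    # Every answer must be public: a name that returns one public and one
    # internal address would otherwise pass on the public one and be
    # connected to the internal one.
    internal = [ip for ip in ips if not is_public_address(ip)]
    if internal:
        raise WebhookDestinationError(
            f"{parts.hostname} resolves to non-public address(es): {internal}"
        )
    return ValidatedDestination(url=url, host=parts.hostname, port=port, pinned_ip=ips[0])


def is_allowed_destination(url: str, resolve: Callable[[str], List[str]] = default_resolve) -> bool:
    """Boolean convenience wrapper around validate_webhook_destination."""
    try:
        validate_webhook_destination(url, resolve)
        return True
    except WebhookDestinationError:
        return False


# Constructed DNS table so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> List[str]:
    """Constructed resolver: IP literals resolve to themselves, names via the table."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host in CONSTRUCTED_DNS:
        return CONSTRUCTED_DNS[host]
    raise socket.gaierror(f"constructed resolver: unknown host {host!r}")


if __name__ == "__main__":
    for candidate in ["https://hooks.example.com/notify", "http://localhost/admin",
                      "http://10.0.0.5:8080/", "http://[::ffff:127.0.0.1]/",
                      "http://mixed.example.com/", "ftp://hooks.example.com/"]:
        verdict = "allowed" if is_allowed_destination(candidate, fake_resolve) else "blocked"
        print(f"{candidate} -> {verdict}")
```

Two things the validator alone does not cover: the HTTP client must use `pinned_ip` for the TCP connection (sending the original hostname in the `Host` header / SNI) and must not follow redirects automatically, re-running the validation on each redirect target; and, matching the log-disclosure part of the advisory, webhook logs should store a bounded, sanitized view of the response rather than the raw body.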
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mautic | core | >= 4.4.0 < 4.4.17 | 4.4.17 |
| mautic | core | >= 5.0.0-alpha < 5.2.8 | 5.2.8 |
| mautic | core | >= 6.0.0-alpha < 6.0.5 | 6.0.5 |
| mautic | mautic | >= 4.4.0 < 4.4.17 | — |
| mautic | mautic | >= 5.0.0-alpha < 5.2.8 | — |
| mautic | mautic | >= 6.0.0-alpha < 6.0.5 | — |
OSV
Mautic vulnerable to SSRF via webhook function
osv·2025-09-03
CVE-2025-9821 [LOW] Mautic vulnerable to SSRF via webhook function
GHSA
Mautic vulnerable to SSRF via webhook function
ghsa·2025-09-03
CVE-2025-9821 [LOW] CWE-918 Mautic vulnerable to SSRF via webhook function
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.